Twitter on Tuesday moved to restrict the account of a mysterious group that has published details on suspected state-sponsored hackers from China.
The group, Intrusion Truth, had spent recent days hinting that it would go public with new allegations against possible hackers, teasing followers with messages like “Watch this space” and “Who’s excited? We are.” The identity of the person or group behind Intrusion Truth has remained elusive since it started publishing information in 2017, including missives about how Chinese technology companies allegedly supported espionage on Beijing’s behalf.
Intrusion Truth’s Twitter account suggested it would publish new information on Wednesday about “hackers based in Chengdu,” a city in southwestern China. Twitter, though, plastered a warning on the account, saying that the account was “temporarily restricted” because “there has been some unusual activity.” Users still could access the page at press time Tuesday, though they would need to click through to see the tweets, as FireEye vice president John Hultquist noticed.
— John Hultquist (@JohnHultquist) May 4, 2021
A Twitter spokesperson attributed the move to an anti-spam measure, as the Intrusion Truth page had been mostly dormant for a period of months only to return with a sudden uptick of tweets.
“We regularly deploy anti-spam challenges across the service to protect the public conversation, as was the case here,” the company said. “The account holder may be asked to provide additional information (e.g., a phone number) to verify their account.”
The company has taken a more aggressive approach in recent months to users who leverage their accounts to violate its terms of service. Twitter famously banned former President Donald Trump in January, for instance, and regularly takes action against accounts that engage in government information operations or try to amplify the QAnon conspiracy movement, among other examples.
Twitter also has enforced its policy against the spread of hacked materials. In July 2020, the social media firm suspended the account belonging to @DDoSecrets, a WikiLeaks-style group that had published 269 GB of data that appeared to be stolen from hundreds of U.S. police agencies.
A March 2019 policy also forbids Twitter users from publishing “other people’s private personal information without their express authorization and permission.”
Intrusion Truth published its most recent post in January 2020, saying the cyber-espionage group APT40 — which has conducted operations to support Chinese military efforts, according to FireEye — is run by a department of China’s Ministry of State Security. The post, published on a WordPress blog, linked some activity to a man named Ding Xiaoyang, an alleged computer specialist and intelligence agent said to reside in China’s Hainan province.
Update, 8:57pm ET: This story has been updated to include a response from Twitter.