Prolific Threat Actor "miyako" Advertises Access to China Telecom Data Center
A skilled and well-established threat actor known as "miyako" claimed in a January 15, 2025 post on a popular darknet hacking forum to have compromised a server hosting a firewall in an unnamed China Telecom data center. The individual, who appears to have gained an elevated "GOD" status on the forum, was offering root access to the server for a price that would be disclosed only to serious buyers.
Background on "miyako":
While the veracity of this specific access is unconfirmed, "miyako" has an extensive history on the forum and a reputation as a capable cyber criminal specializing in initial access brokerage. Since joining in August 2024, she has made 230 posts and started 102 threads, earning an impressive reputation score of 1,529.
Her bio asserts that she is a lone operator who will "never attack any CIS country", hinting at a geographic focus and/or ethical code. Over the past few years, "miyako" has regularly posted offerings of compromised access to organizations in cybersecurity, defense, healthcare, logistics and other sectors across the US, Europe and Asia, with prices typically ranging from $200-$600.
An OSINT interview and threat actor profile have brought "miyako" some publicity in the cybersecurity community. The profile states that she has successfully infiltrated networks of joint military task forces, government & military supply chains worldwide, and prominent multinational corporations.
Implications of the China Telecom breach:
If legitimate, the compromised server in the China Telecom data center could enable a buyer to deeply infiltrate the telecom giant's systems and potentially conduct espionage or disruptive attacks on critical communications infrastructure.
The targeting of a major Chinese company also potentially broadens "miyako's" range of interests beyond the US, European and Asian regions that have been her focus to date, marking an expansion into audacious targets that are challenging to penetrate.
While "miyako's" claims cannot be definitively verified, her advertised access represents a serious risk that network defenders must address, especially those in the industries and regions she has repeatedly victimized. Security teams should monitor vigilantly for signs of "miyako's" activity and treat her as an exceptionally relevant threat.