May 13, 2024 at 06:48AM
Matrix Cup, a leading Chinese cybersecurity competition, offers a $2.5 million prize pool, with emphasis on zero-day exploits targeting Western technology products. The contest encompasses a diverse array of targets, including operating systems, smartphones, enterprise products, networking devices, web browsers, and more. However, it remains unclear whether the vulnerabilities demonstrated will be reported to affected vendors. Comparisons are drawn to North America’s Pwn2Own competition, which similarly pays significant amounts for exploits. Chinese law mandates prompt disclosure of zero-day vulnerabilities to the government and prohibits selling or providing such details to third parties, raising concerns about government stockpiling of zero-days. Notably, Microsoft reported a surge in zero-day exploits after the law’s implementation, with threat actors believed to be sponsored by the Chinese government leveraging such vulnerabilities in attacks against the US government and affiliated entities.
The Matrix Cup, a Chinese hacking competition sponsored by Qihoo 360 and Beijing Huayun’an Information Technology, is set to offer a $2.5 million prize pool for zero-day exploits targeting a wide range of technology products, with a focus on those made in the West. The event is scheduled for June 26-28 and includes targets such as operating systems, smartphones, enterprise products, networking devices, storage devices, databases, enterprise tools, web browsers, virtualization technologies, printers, and data frameworks.
The organizers aim to address cybersecurity challenges posed by new technologies, reduce risk, and improve the security of products. However, it’s unclear whether demonstrated vulnerabilities will be reported to the affected vendors. This contrasts with the North America-based Pwn2Own competition, which promptly reports findings to impacted vendors.
Chinese hacking competitions like the Tianfu Cup have also gained attention for significant payouts, with a focus on exploits for various technologies. However, whether these exploits are disclosed to vendors remains unclear, raising concerns within the cybersecurity industry about zero-day vulnerabilities being stockpiled by the Chinese government. Reports suggest that the implementation of Chinese laws regarding the disclosure of zero-day vulnerabilities may have contributed to an increase in zero-day exploits, with threat actors believed to be sponsored by the Chinese government leveraging these vulnerabilities in attacks against the US government and its affiliates.