Simulated or Real? Mystery Shrouds China’s Zhujian Cup Hacking Event

During an ethical hacking competition in China held late last year, participants were allowed to operate within a real network rather than a virtual platform, raising serious concerns among researchers. The unusual conditions and secrecy surrounding the Zhujian Cup have led to suspicions that students may have been involved in an actual intelligence operation.

Typically, hacking competitions, such as Capture the Flag (CTF), are conducted on isolated networks specifically designed for safe attacks. However, the Zhujian Cup, organized by Northwestern Polytechnical University in Xi’an, did not mention any companies responsible for creating such networks, leading researchers to doubt whether the competition took place on a simulation at all.

Participants were required to sign a document obligating them to keep the tasks confidential, avoid destroying the targets, and erase all traces of their actions upon completion. This added to the mystery and hinted at the possibility that the hackers involved were working within a real network. In the event of a data breach, students would face legal consequences, which is highly unusual for such competitions.

Researchers from Western universities who examined the competition uncovered several suspicious details. One of these was the requirement to remove backdoors installed in the attacked systems. Normally, such precautions are unnecessary in these competitions, as everything occurs within a virtual environment. However, in the case of the Zhujian Cup, it appears that students may have infiltrated real networks.

The competition took place in late December last year, during the holiday season, when many companies were operating on reduced schedules, making them more vulnerable to cyberattacks. Over 200 students participated in the three stages of the competition, which included a theoretical component, vulnerability hunting, and a “public target.” It was this final stage that drew researchers’ attention as potentially connected to a real network.

The authors of a study published by the Atlantic Council admit they have no direct evidence that students targeted real networks. However, they estimate the likelihood to be around 85%, as they found no other explanations for the strange conditions of the competition.

Cyber competitions in China have become a crucial tool for developing national talent since 2015, following revelations of large-scale cyberattacks conducted by the U.S. Since then, China has actively promoted internal CTF competitions to attract talent and enhance its national cybersecurity capabilities.