big comanys that hire ethical hacker(Ethical Hackers)

Introduction：

1、Leak Reveals ‘First-Of-Its-Kind’ Look At Hackers For Hire In China： Researchers

2、China's Commercial Hackers - Mapping the Hackers-for-Hire Ecosystem

Leak Reveals ‘First-Of-Its-Kind’ Look At Hackers For Hire In China： Researchers ♂

　　The SentinelOne threat researchers wrote in a post that the I-Soon leak reveals ‘the maturing nature of China’s cyber espionage ecosystem.’

　　The leak of documents from China-based security firm I-Soon is providing previously unavailable insights into the world of “hacking-for-hire” in the country, according to threat researchers from SentinelOne.

　　The cache of documents, posted online last week, “provides a first-of-its-kind look at the internal operations of a state-affiliated hacking contractor,” wrote Dakota Cary and Aleksandar Milenkoski, researchers at cybersecurity vendor SentinelOne.

　　[Related: US Agencies Warn About Network Devices 'Frequently Exploited' By China-Linked Hacking Group]

　　The New York Times reported Thursday that multiple cybersecurity experts have attested to the documents’ authenticity.

　　Key revelations in the documents include details on the ways in which the Chinese government’s Ministry of State Security is backing private-sector hacker operations, which are believed by U.S. officials to have targeted companies and governments in the U.S., according to the Times report.

　　In a blog post, the SentinelOne threat researchers said the leak provides “some of the most concrete details seen publicly to date, revealing the maturing nature of China’s cyber espionage ecosystem.”

　　“It shows explicitly how government targeting requirements drive a competitive marketplace of independent contractor hackers-for-hire,” the researchers wrote.

　　For the threat intelligence community, the leaked documents offer an opportunity to reconsider some of their past attributions for major cyberattacks, according to the SentinelOne researchers.

　　Threat intelligence analysts should also be able to “gain a deeper understanding of the complex Chinese threat landscape,” which should prove critical for keeping pace with threats deriving from China and bolstering cyber defense strategies, the researchers wrote.

　　Ultimately, as shown in the leaked documents, “third-party contractors play a significant role in facilitating and executing many of China’s offensive operations in the cyber domain,” the SentinelOne researchers wrote.

China's Commercial Hackers - Mapping the Hackers-for-Hire Ecosystem ♂

　　Over the past year, the pivotal role played by China’s contract hackers-for-hire in supporting China’s malicious cyber actions has become increasingly apparent, with the Treasury Department sanctioning three other Chinese cybersecurity firms for their alleged links to PRC-State sponsored hacking activity against US interests. These sanctioned organizations are a small part of an extensive ecosystem - one that the MSS and other organizations can leverage in support of ongoing campaigns.

　　Join WireScreen and DarkOwl in their upcoming webinar to discover how a combination of dark web data and corporate intelligence can illuminate these cybersecurity networks, identifying avenues of potential future threat and opportunities for investigators.

Related questions

Big Companies That Hire Ethical Hackers

Ethical hackers, also known as penetration testers or cybersecurity specialists, are in high demand across industries to protect digital assets. Below is a categorized list of major companies known for hiring ethical hackers, along with key initiatives or roles:

1. Tech Giants

• Google: Employs teams like Project Zero to identify zero-day vulnerabilities. Offers roles in red teaming and cloud security (Google Cloud).
• Microsoft: Runs the Microsoft Security Response Center (MSRC) and Azure security teams. Actively hires for penetration testing and threat intelligence.
• IBM: X-Force Red is their dedicated ethical hacking team, focusing on network, application, and hardware security.
• Cisco: Talos Security Intelligence team works on threat detection and network vulnerability assessments.
• Amazon: AWS Security teams hire ethical hackers to secure cloud infrastructure and services.

2. Financial Services

• JPMorgan Chase, Bank of America, Citigroup: Maintain large cybersecurity divisions for fraud prevention and data protection.
• Visa/Mastercard: Focus on securing payment ecosystems and compliance (PCI-DSS).
• PayPal: Invests in anti-fraud systems and secure transaction technologies.

3. Consulting & Professional Services

• Deloitte, PwC, KPMG, EY: Offer cybersecurity consulting, including penetration testing and incident response.
• Accenture: Operates Accenture Security with roles in red teaming and IoT security.

4. Telecommunications

• AT&T, Verizon: Secure telecom infrastructure and 5G networks. Verizon’s Cybertrust division is notable.
• Ericsson/Nokia: Focus on securing telecom hardware and IoT solutions.

5. E-commerce & Retail

• Amazon, eBay: Protect customer data and transaction systems. Amazon’s Customer Trust and Safety team is key.
• Walmart, Target: Bolster cybersecurity post-breach, with dedicated red teams.

6. Cybersecurity Firms

• Palo Alto Networks, CrowdStrike, Fortinet: Core business includes ethical hacking for threat detection and response.
• Mandiant (Google Cloud): Specializes in incident response and advanced threat analysis.
• HackerOne/Bugcrowd: Run bug bounty platforms but also employ in-house security researchers.

7. Cloud Services

• AWS, Microsoft Azure, Google Cloud: Hire ethical hackers to audit cloud platforms and ensure compliance.

8. Social Media & Entertainment

• Meta (Facebook): Whitehat Programs and infrastructure security teams.
• Netflix, Sony: Protect streaming platforms and gaming networks (e.g., PlayStation).

9. Automotive & Transportation

• Tesla, GM, Ford: Focus on securing connected vehicles and autonomous systems.
• Uber/Lyft: Protect ride-sharing apps and user data.

10. Healthcare & Pharmaceuticals

• UnitedHealth Group, Pfizer: Secure patient data and clinical systems against breaches.

11. Aerospace & Defense

• Lockheed Martin, Raytheon: Cybersecurity roles for national defense and critical infrastructure.

12. Energy & Utilities

• ExxonMobil, Duke Energy: Protect operational technology (OT) and SCADA systems.

Notable Initiatives

• Bug Bounty Programs: Many companies (e.g., Google, Microsoft) run these, but in-house roles focus on proactive security.
• Red Teams: Common in tech and finance to simulate attacks (e.g., IBM X-Force Red, Microsoft Red Team).

These companies prioritize cybersecurity due to their scale, data sensitivity, and regulatory requirements, making them prominent employers for ethical hackers. Job titles may vary, but roles often involve vulnerability research, penetration testing, and threat mitigation.