In 2018, the Chinese government barred Chinese security researchers from participating in hacking contests in foreign countries in a bid to keep the knowledge of disclosing software vulnerabilities in China itself. The decision affected popular hacking contests like Pwn2Own that were mostly dominated by Chinese participants.
As a response to the ban, the Chinese government started organizing TianfuCup, for local security researchers.
On the first day of the ongoing TianfuCup, Chinese security researchers have managed to successfully discover zero-day vulnerabilities in Microsoft Edge (based on EdgeHTML), Google Chrome, Safari, Office365, D-Link DIR-878 Router, Adobe PDF Reader, and quemu-kvm + Ubuntu.
Team 360Vulcan, which won the Pwn2Own in 2016 by hacking Google Chrome within 11 minutes, is leading the TianfuCup 2019.
I’m not at all surprised to see 360Vulcan has an exploit in every category. They are a large team with a lot of skilled people. Also, they always dominate by quantity in pwn contests, they go after everything. (The router bugs don’t pay out enough, I guess, to attract 360) https://t.co/bvn41vIK16
— thaddeus e. grugq (@thegrugq) November 16, 2019
On Day 2, Chinese hackers exposed the vulnerabilities in D-Link DIR-878 router, Adobe PDF Reader, and VMWare Workstation. Team 360Vulcan was expected to exploit iOS in their much-anticipated session, but the team gave up before it happened.
Nonetheless, Team 360Vulcan won the competition bagging prize money of $382,500 for hacking Microsoft Office 365, VMWare Workstation, Microsoft Edge, qemu+Ubuntu, and Adobe PDF Reader.
A major chunk of the prize money won by Team 360Vulcan came from the exploits of VMWare and qemu+Ubuntu that were valued at $200,000 and $80,000, respectively.
Many companies, including Google, sent their representatives to the competition for picking up the exploits’ reports and issue a patch as soon as possible.