
Chinese company hacked foreign governments for 8 years


A huge cache of leaked documents and data from a Chinese government-linked hacking firm shows that Beijing’s military and spy groups carry out large-scale, systematic cyber intrusions against foreign governments, companies and infrastructure. The files held by the Chinese company iSoon detail the company’s contracts with Chinese state agencies to extract foreign data over eight years. Apparently, iSoon had a disgruntled spy who made all its secrets public.

Containing more than 570 files, images and chat logs, the cache offers unprecedented insight into the operations of iSoon, one of the companies that Chinese government agencies contract for on-demand bulk data collection operations.

The leak does not specify whether the services were successful. However, the documents show targets in at least 20 foreign governments and territories, including India, Thailand, South Korea, the United Kingdom, Taiwan and Malaysia, and an operation to closely monitor the activities of ethnic minorities in China, online gambling companies and American government agencies.

The chat logs also describe the sale of unspecified data related to NATO. Another file shows officials discussing a list of targets in Britain. The People’s Liberation Army (PLA) and Chinese national police have breached computer systems at nearly two dozen major American infrastructure organizations over the past year.

Experts are poring over the documents, which offer a comprehensive look at the Chinese spy industry’s intense race to collect national security data. iSoon, also known as Anxun, is part of an ecosystem of Chinese government service providers that emerged from a group of “patriotic hackers” established more than two decades ago and that now works for a range of Chinese government entities, including the Ministry of Public Security, the Ministry of State Security and the military command.

It’s no secret that China is a prolific actor in cyber espionage of other nations. iSoon, whose headquarters are in Chengdu, was already on the radar of some cybersecurity researchers after being sued by a company in the same city, known as Chengdu 404, which is linked to the cyber espionage group known as APT41.

The files include internal chats, business proposals, documentation describing the company’s products and what appears to be stolen victim data.

The documents show a series of services offered by iSoon to Chinese bodies and agencies, which include the Ministry of State Security, China’s main spy agency, the PLA and the Chinese national police. In addition, they include proposals and presentations about the company’s services, including penetration testing, surveillance operations and also descriptions of:

• Malware designed to run on Windows, macOS, Linux, iOS and Android;

• A platform to collect and analyze email data;

• A platform to hack Outlook accounts;

• A Twitter monitoring platform;

• A reconnaissance platform using OSINT (open-source intelligence) data;

• Physical hardware devices intended to be used for local hackers; …

• Communication equipment using a Tor-type network for agents working abroad.

The data leak confirms Chinese government agencies’ policy of increasingly hiring outside firms, including foreign companies, to run espionage campaigns. Security experts who analyzed the leaked data say they believe the information is legitimate and was likely leaked by a disgruntled employee.


Source: CisoAdvisor
