A massive data leak analyzed by cybersecurity experts this week has revealed the alleged hacking activities of a Chinese tech security firm, implicating it in breaching foreign governments, infiltrating social media accounts, and hacking personal computers.
Massive Leak Alleges Chinese Hacking Activities
According to AFP, the leaked documents from I-Soon, a private Chinese company vying for government contracts, reveal that its hackers compromised over a dozen governments, pro-democracy organizations in Hong Kong, universities, and even the NATO military alliance, based on findings by cybersecurity firms SentinelLabs and Malwarebytes.
Analysts at SentinelLabs have characterized the leaked data as offering "concrete details" into China's evolving cyber espionage landscape, shedding light on the operational dynamics of state-affiliated hacking contractors.
The leaked documents allegedly highlight the competitive market for independent hacker-for-hire services driven by government targeting requirements.
I-Soon, a company that contracts for various Chinese agencies, including the Ministry of Public Security and the People's Liberation Army, has reportedly been involved in compromising government offices across several countries; screenshots and chat logs that allegedly detail its operations have surfaced online.
In a separate statement on Wednesday, Malwarebytes said I-Soon was able to breach government offices in India, Thailand, South Korea, and Vietnam, among others.
While the authenticity of the leaked documents remains under scrutiny, analysts have noted that they corroborate existing threat intelligence on Chinese cyber activities, offering glimpses into the inner workings of state-affiliated hacking contractors.
Marketing Materials
Initial observations of the leaked data reveal a wealth of marketing materials, technical documents, and chat logs showcasing I-Soon's capabilities and operational tactics.
Among the documents are marketing materials boasting of past counterterrorism work, including targeting counterterrorism centers in Pakistan and Afghanistan, as well as technical documents outlining the functionality of hacking tools and custom hardware snooping devices, according to SentinelLabs.
The leaked data also provides insights into the financial aspects of I-Soon's operations, with documents listing targeted organizations and the fees earned through hacking activities.
Employees' complaints about low pay and discussions about seeking employment elsewhere further highlight the reported internal dynamics of the company.
High-Confidence Clustering
"The leaked documents offer the threat intelligence community a unique opportunity to reevaluate past attribution efforts and gain a deeper understanding of the complex Chinese threat landscape. This evaluation is essential for keeping up with a complex threat landscape and improving defense strategies," SentinelLabs said in a blog post.
SentinelLabs noted that the widespread sharing of malware and infrastructure management processes among groups complicates high-confidence clustering.
It also said that the leaked documents demonstrate the substantial involvement of third-party contractors in facilitating and executing numerous offensive cyber operations on behalf of China.
"For defenders and business leaders, the lesson is plain and uncomfortable. Your organization's threat model likely includes underpaid technical experts making a fraction of the value they may pilfer from your organization. This should be a wakeup call and a call to action," SentinelLabs added.