Leak of China’s Hacking Documentation Stunned Researchers

In a startling revelation that has sent shockwaves through the cybersecurity community, a massive data leak has exposed the inner workings of I-Soon (上海安洵), a Chinese tech security firm with deep ties to the country’s government agencies, including the Ministry of Public Security, Ministry of State Security, and the People’s Liberation Army.

Over the weekend of February 16th, the leak provided an unprecedented glimpse into China’s cyber espionage operations, raising serious questions about global cybersecurity and the extent of state-sponsored hacking activities.


Unmasking I-Soon: Hacker-for-Hire

I-Soon, known for its contracts with various People’s Republic of China (PRC) agencies, was at the center of a significant security breach when a trove of its internal documents was leaked online.

The leaked documents, which include contracts, marketing presentations, product manuals, and lists of clients and employees, reveal the methods used by Chinese authorities to surveil dissidents overseas, hack other nations, and promote pro-Beijing narratives on social media platforms, according to a SentinelLabs report.

The documents also show I-Soon’s involvement in hacking networks across Central and Southeast Asia, as well as Hong Kong and Taiwan, using tools that allow Chinese state agents to unmask users of platforms like X (formerly known as Twitter), break into email accounts, and hide the online activities of overseas agents.

This leak offers a rare window into the pervasive state surveillance and cyber operations conducted by Chinese authorities, highlighting the sophisticated nature of China’s cyber espionage ecosystem.

The Impact of the Leak

The leak has stunned researchers and analysts, providing some of the most concrete details seen publicly about the operations of a state-affiliated hacking contractor.

It reveals how government targeting requirements drive a competitive marketplace of independent contractor hackers-for-hire.

The documents detail I-Soon’s compromise of at least 14 governments, pro-democracy organizations in Hong Kong, universities, and NATO, showcasing the global reach of China’s cyber espionage efforts.

One of the leaked documents lists targeted organizations and the fees earned by hacking them; among other payouts, data collection from Vietnam’s Ministry of Economy paid $55,000.

This leak not only embarrasses the company but also raises critical questions for the cybersecurity community, offering a unique opportunity to reevaluate past attribution efforts and gain a deeper understanding of the complex Chinese threat landscape.

Investigating the Leak

The source of the leak remains unknown, with speculation ranging from a rival intelligence service to a dissatisfied insider or even a rival contractor.

Chinese authorities are investigating the unauthorized dump of documents, and I-Soon has reportedly held meetings to assess the impact of the leak on its business.

The leak’s authenticity, while still under investigation, has been deemed highly credible by the cybersecurity firms and analysts who have examined the documents.

The leak of I-Soon’s documents marks a significant moment in understanding state-sponsored cyber operations, shedding light on the intricate and often hidden world of cyber espionage.

As researchers and analysts continue to sift through the leaked data, the cybersecurity community is poised to reassess its defense strategies and attribution efforts in the face of a complex and evolving threat landscape.

This incident underscores the critical importance of cybersecurity vigilance and the ongoing challenges posed by state-affiliated hacking operations on a global scale.
