Leak of China’s Hacking Documentation Stunned Researchers

In a startling revelation that has sent shockwaves through the cybersecurity community, a massive data leak has exposed the inner workings of I-Soon (上海安洵), a Chinese technology security firm with deep ties to the country's government agencies, including the Ministry of Public Security, the Ministry of State Security, and the People's Liberation Army.

Over the weekend of February 16th, the leak provided an unprecedented glimpse into China’s cyber espionage operations, raising serious questions about global cybersecurity and the extent of state-sponsored hacking activities.


Unmasking I-Soon: Hacker-for-Hire

I-Soon, known for its contracts with various People’s Republic of China (PRC) agencies, was at the center of a significant security breach when a trove of its internal documents was leaked online.

The leaked documents, which include contracts, marketing presentations, product manuals, and lists of clients and employees, reveal detailed methods used by Chinese authorities to surveil dissidents overseas, hack other nations, and promote pro-Beijing narratives on social media platforms, according to a SentinelLabs report.

The documents also show I-Soon's involvement in hacking networks across Central and Southeast Asia, as well as Hong Kong and Taiwan, using tools that allow Chinese state agents to unmask users of platforms like X (formerly known as Twitter), break into email accounts, and hide the online activities of overseas agents.

This leak offers a rare window into the pervasive state surveillance and cyber operations conducted by Chinese authorities, highlighting the sophisticated nature of China’s cyber espionage ecosystem.

The Impact of the Leak

The leak has stunned researchers and analysts, providing some of the most concrete details seen publicly about the operations of a state-affiliated hacking contractor.

It reveals how government targeting requirements drive a competitive marketplace of independent contractor hackers-for-hire.

The documents detail I-Soon's compromise of at least 14 governments, pro-democracy organizations in Hong Kong, universities, and NATO, showcasing the global reach of China's cyber espionage efforts.

One of the leaked documents lists targeted organizations and the fees earned by hacking them; data collection from Vietnam's Ministry of Economy, for example, paid out $55,000, among other payouts.

This leak not only embarrasses the company but also raises critical questions for the cybersecurity community, offering a unique opportunity to reevaluate past attribution efforts and gain a deeper understanding of the complex Chinese threat landscape.

Investigating the Leak

The source of the leak remains unknown, with speculation ranging from a rival intelligence service to a dissatisfied insider or even a rival contractor.

Chinese authorities are investigating the unauthorized dump of documents, and I-Soon has reportedly held meetings to assess the impact of the leak on its business.

The leak's authenticity, while still under investigation, has been deemed highly credible by the cybersecurity firms and analysts who have examined the documents.

The leak of I-Soon’s documents marks a significant moment in understanding state-sponsored cyber operations, shedding light on the intricate and often hidden world of cyber espionage.

As researchers and analysts continue to sift through the leaked data, the cybersecurity community is poised to reassess its defense strategies and attribution efforts in the face of a complex and evolving threat landscape.

This incident underscores the critical importance of cybersecurity vigilance and the ongoing challenges posed by state-affiliated hacking operations on a global scale.


Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
