Analysts reveal Chinese company’s involvement in hacking foreign governments and activists in massive data breach
Experts analyzing a recent data leak discovered that a Chinese tech security company successfully breached foreign governments, infiltrated social media accounts, and hacked personal computers.
Documents from I-Soon, a private company that competes for Chinese government contracts, show its hackers have compromised more than a dozen governments, according to cybersecurity firms SentinelLabs and Malwarebytes.
I-Soon also breached “democracy organizations” in China’s semi-autonomous city of Hong Kong, universities and the NATO military alliance, SentinelLabs researchers wrote in a blog post on Wednesday.
The leaked information, whose contents AFP could not immediately verify, was published by an unknown person on the online software repository GitHub last week.
“The leak provides some of the most concrete details seen publicly to date and reveals the maturing nature of China’s cyberespionage ecosystem,” SentinelLabs analysts said.
I-Soon managed to break into government agencies in India, Thailand, Vietnam and South Korea, among others, Malwarebytes said in a separate message on Wednesday.
I-Soon’s website was unavailable Thursday morning, although an Internet Archive snapshot of the site from Tuesday says the company is based in Shanghai, with subsidiaries and offices in Beijing, Sichuan, Jiangsu and Zhejiang.
The company did not respond to a request for comment.
When asked by AFP on Thursday whether Beijing had contracted the hackers, China’s foreign ministry said it was not aware of the incident.
“In principle, China strictly opposes all kinds of cyber attacks and counters them in accordance with the law,” spokesman Mao Ning said.
Hackers under contract
The leak contains hundreds of files that show chat logs, presentations and lists of items.
Among the leaks, AFP found lists of Thai and British ministries and screenshots of attempts to log into a person’s Facebook account.
Other screenshots showed disputes between an employee and a supervisor over wages and a document describing software designed to access the target’s Outlook emails.
“As the leaked documents show, third-party contractors play a significant role in facilitating and executing many of China’s offensive operations in the cyber domain,” SentinelLabs analysts said.
In one screenshot of a conversation on the chat app, someone describes a customer’s request to gain access to “the office of the foreign minister, the ASEAN office of the foreign ministry, the prime minister’s office, the national intelligence service” and other ministries of an unnamed country.
Analysts who reviewed the files said the company also offered potential customers the ability to hack into people’s accounts on the social media platform X – to track their activities, read their private messages and send messages.
It also described how company hackers could access and take control of a person’s computer remotely, allowing them to execute commands and track what they typed.
Other services included ways to hack into Apple’s iPhone and into other smartphone operating systems, as well as custom hardware, including a power bank that can extract data from a device and send it to the hackers.
Xinjiang Ties
Analysts said the leak also pointed to I-Soon’s bid for contracts in northwest China’s Xinjiang, where Beijing is accused of detaining hundreds of thousands of mostly Muslim residents as part of an alleged anti-extremism campaign. The US has called it genocide.
“The company listed other terror-related targets that the company had previously hacked as evidence of their ability to carry out these missions, including targeting counter-terrorism centers in Pakistan and Afghanistan,” SentinelLabs analysts said.
The leaked data also revealed the rewards the hackers could earn, including $55,000 for breaking into a Vietnamese government ministry.
A cached version of the company’s website showed that the company also runs an institute dedicated to “carrying out the spirit” of President Xi Jinping’s “important directives” on developing cybersecurity education and expertise.
The FBI has said that China has the largest hacking program of any country.
Beijing has dismissed the allegations as “baseless” and pointed to the United States’ own history of cyber espionage.
Pieter Arntz, a researcher at Malwarebytes, said the leak is likely to “rattle some cages for the infected units.”
“As such, it could potentially cause a shift in international diplomacy and expose gaps in the national security of many countries.”