During the weekend, a cache of files and documents, allegedly stolen from the Chinese government hacking contractor I-Soon, was posted online.
This leak provides cybersecurity researchers and rival governments with a unique opportunity to gain insights into the Chinese government hacking operations conducted by private contractors.
Similar to the hack-and-leak operation that targeted the Italian spyware maker Hacking Team in 2015, the I-Soon leak includes company documents and internal communications that indicate involvement in hacking activities across various countries.
The leaked files were initially shared on GitHub on Friday, prompting extensive analysis by observers of Chinese hacking operations.
According to Jon Condra, a threat intelligence analyst at Recorded Future, this leak represents a significant breach of data related to a company suspected of providing cyber espionage services for the Chinese security services.
For John Hultquist, the chief analyst at Mandiant, this leak offers deep insights into the inner workings of an intelligence operation, which is a rare occurrence.
Various researchers, including Dakota Cary from SentinelOne and Matthieu Tartare from ESET, have acknowledged the potential impact of the leak on threat intelligence analysis and cybersecurity practices.
Further analysis by researchers reveals the extent of I-Soon's involvement with Chinese government agencies and its connections to hacking groups like APT41.
Notably, the leak also sheds light on I-Soon's activities targeting minority groups like Tibetans and Uyghurs, as well as its collaboration with Chinese security agencies.
Additionally, insights from the leaked documents provide details about employee pay, daily operations, and the nature of cyber operations carried out by I-Soon.
Researchers have raised concerns about the potential impact of mercenary hacking groups like I-Soon on future cybersecurity threats and government-targeted activities.
The leak indicates a shift in tactics by threat actors working as contractors for the Chinese government and emphasizes the need for continued vigilance and adaptation in cybersecurity practices.
The leaked documents have sparked speculation about the motives behind the leak, with suggestions pointing to a disgruntled insider as a likely source.
As the investigation into the leak continues, the implications of the exposed information on cybersecurity practices and government relations remain a topic of interest within the cybersecurity community.
Neither the Chinese Embassy nor I-Soon has responded to inquiries, leaving the origins of the leak and its potential ramifications uncertain.