Data Leak Exposes China’s Hackers For Hire 

For a long time China's government has used the deniability of private companies to conduct offensive operations against foreign governments. Now, evidence is emerging of exactly how these 'hackers for hire' operate.

A large-scale leak of files originating from the Chinese cyber security vendor I-Soon has been found on GitHub. It exposes the extent of the company's involvement in global surveillance operations, including the targeting of countries and organisations such as Taiwan, India, Indonesia, Nigeria, Nato and the UK.

The files, a mixture of chat logs, company prospectuses and data samples, reveal the extent of China's intelligence-gathering operations, while also highlighting the market pressures on the country's commercial hackers as they compete for business. The leaked information exposes the hacking tools I-Soon employed to gather intelligence, including methods to uncover identities on social media platforms and to access emails, despite platforms such as Facebook being inaccessible in China.

What sets I-Soon apart is its arsenal of Remote Access Trojans (RATs), claimed to be capable of compromising all the major operating systems: Linux, Windows, macOS, iOS and Android. Particularly alarming is the Android attack code, which purportedly enables the extraction of extensive messaging histories from Chinese chat applications and from Telegram.

I-Soon appears to have worked with, and later been embroiled in a commercial dispute with, another Chinese hacking outfit, Chengdu 404, whose hackers have been indicted by the US Department of Justice for cyber-attacks on companies in the US as well as pro-democracy activists in Hong Kong, among other targets.

The services I-Soon offered were varied. The company claimed to be able to hack accounts on X, obtain personal information from Facebook, extract data from internal databases and compromise various operating systems, including macOS and Android. The most serious of these claims concerns the Android attack code and its purported ability to pull messaging histories from chat applications.

In one of the files there is a screenshot of a folder entitled “Notes from the secretariat of European Affairs of North Macedonia”. Another screenshot shows files that appear to relate to the EU, including one entitled “Draft EU position with regard to COP 15 part 2”. The file names reference an encryption system used by EU entities to secure official data.

The leaked documents also describe hardware hacking devices used by I-Soon, including a malicious power bank designed to surreptitiously upload data into victims' systems.

Sources: GitHub | Unit 42 (@Unit42_Intel) | Guardian | New York Times | France24 | DigitFYI | Times of India | Bloomberg | SentinelOne | Computing


