Data Leak Exposes China’s Hackers For Hire 

Uploaded on 2024-02-26 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW

For a long time China's government  has used the deniability of private companies in offensive operations to hack foreign governments. Now, evidence is emerging of exactly how these 'hackers for hire' operate.  

A large scale leak of files originating from Chinese cyber security vendor I-Soon has been found GitHub that exposes the extent of its involvement in global surveillance operations, including targeting countries and organisations such as Taiwan, India, Indonesia, Nigeria, Nato and the UK.

The files, which are a mixture of chat logs, company prospectuses and data samples, reveal the extent of China’s intelligence gathering operations, while also highlighting the market pressures felt by the country’s commercial hackers as they compete for business. The leaked information exposes the hacking tools employed by I-Soon to gather intelligence, including methods to uncover identities on social media platforms and access emails, despite platforms like Facebook being inaccessible in China.

What sets I-Soon apart is its arsenal of sophisticated Remote Access Trojans (RATs) capable of infiltrating major operating systems, including Linux, Windows, macOS, iOS and Android. Particularly alarming is the Android attack code, which purportedly enables the extraction of extensive messaging histories from Chinese chat applications and Telegram.

I-Soon appears to have worked with, and later been embroiled in a commercial dispute with, another Chinese hacking outfit, Chengdu 404, whose hackers have been indicted by the US Department of Justice for cyber-attacks on companies in the US as well as pro-democracy activists in Hong Kong, among other targets.

The services available from I-Soon are varied. The company claimed to be able to hack accounts on X, obtain personal information from Facebook, obtain data from internal databases and compromise various operating systems including Mac and Android. Perhaps the most serious is the use of an  Android attack code, claimed to be  capable of extracting extensive messaging histories from Chinese chat applications and Telegram. 

In one of the files there is a screenshot of a folder entitled “Notes from the secretariat of European Affairs of North Macedonia”. Another screenshot shows files that appear to relate to the EU, including one entitled “Draft EU position with regard to COP 15 part 2”. The file names reference an encryption system used by EU entities to secure official data.

The leaked documents also outline the use of hardware hacking devices by I-Soon, including a malicious power bank designed to surreptitiously upload data into victims’ systems.

GitHub:  |    @Unit42_Intel      |     Guardian:    |    New York Times:   |     France24:   |    DigitFYI:     |   

 Times of India:    |    Bloomberg    |    SentinelOne:   |    Computing:  

You Might Also Read: 

Hackers Operated Undetected In Critical US Networks 

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible





 

« Defending Against These Common Types Of Cyber Attack
DMARC Email Validation: Cracking Down On Fraud »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CW Jobs

CW Jobs

CWJobs.co.uk is a leading specialist IT recruitment website covering all areas of IT including Cyber Security.

Teneo

Teneo

Teneo is a Solutions Provider focused on reducing complexity. We combine leading technology with deep expertise to create new ideas on how to simplify IT operations.

National Cyber Security Centre (NCSC) - Norway

National Cyber Security Centre (NCSC) - Norway

NCSC is part of the Norwegian Security Authority, and is Norway's national cyber security hub and the national CERT.

Adroit Technologies

Adroit Technologies

Adroit Technologies has been developing award winning real-time software for the industrial automation markets for over 25 years.

ReversingLabs

ReversingLabs

ReversingLabs develops cyber threat detection and mitigation tools that address the the latest directed attacks, advanced persistent threats and polymorphic malware.

SCADASUDO

SCADASUDO

SCADASUDO is a cyber solution architecture and design office, established by leading experts in the field of OT (Industrial control) and IT (information Technology).

ThreatSwitch

ThreatSwitch

ThreatSwitch a software platform for cleared federal contractors to get and stay compliant with NISPOM and Conforming Change 2.

BIG Cyber

BIG Cyber

BIG Cyber is a specialized Managed Security Service Provider (MSSP) dedicated to bringing military grade cyber security technology to the gaming industry.

D2 Network Associates (D2NA)

D2 Network Associates (D2NA)

D2NA help businesses deliver and achieve their goals, through innovative IT solutions, robust cyber security services and proactive IT managed services.

HiSolutions

HiSolutions

HiSolutions is a renowned consulting firms for IT governance, risk & compliance in Germany, combining highly specialized know-how in the field with profound process competence.

One82

One82

Serving emerging small and medium-sized businesses in California and neighboring regions for over 20 years, One82 has established itself as the most dependable provider of IT support services.

Avalor

Avalor

Avalor are on a mission to help security teams make faster, more accurate decisions by making sense of their data. With Avalor you can bring in data from anywhere, normalize it and analyze it.

Fulcrum IT Partners

Fulcrum IT Partners

Fulcrum IT Partners is the parent company of an expanding portfolio of established IT solution companies around the world with proven expertise in cyber security, cloud, and managed services.

RightSec

RightSec

RightSec is an emerging market leader and solution provider for cybersecurity and digital resiliency. We provide end to end solutions to suit your specific business lifecycle.

OmniIndex

OmniIndex

OmniIndex PostgresBC is the only commercial solution allowing you to keep your most sensitive and critical data encrypted while analyzing it. Structured and unstructured.

A&O Shearman

A&O Shearman

A&O Shearman is a law firm at the forefront of the forces changing the current of global business: energy transition, life sciences, technology, private capital, finance and beyond.