Data Leak Exposes China’s Hackers For Hire 

Uploaded on 2024-02-26 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW

For a long time China's government  has used the deniability of private companies in offensive operations to hack foreign governments. Now, evidence is emerging of exactly how these 'hackers for hire' operate.  

A large scale leak of files originating from Chinese cyber security vendor I-Soon has been found GitHub that exposes the extent of its involvement in global surveillance operations, including targeting countries and organisations such as Taiwan, India, Indonesia, Nigeria, Nato and the UK.

The files, which are a mixture of chat logs, company prospectuses and data samples, reveal the extent of China’s intelligence gathering operations, while also highlighting the market pressures felt by the country’s commercial hackers as they compete for business. The leaked information exposes the hacking tools employed by I-Soon to gather intelligence, including methods to uncover identities on social media platforms and access emails, despite platforms like Facebook being inaccessible in China.

What sets I-Soon apart is its arsenal of sophisticated Remote Access Trojans (RATs) capable of infiltrating major operating systems, including Linux, Windows, macOS, iOS and Android. Particularly alarming is the Android attack code, which purportedly enables the extraction of extensive messaging histories from Chinese chat applications and Telegram.

I-Soon appears to have worked with, and later been embroiled in a commercial dispute with, another Chinese hacking outfit, Chengdu 404, whose hackers have been indicted by the US Department of Justice for cyber-attacks on companies in the US as well as pro-democracy activists in Hong Kong, among other targets.

The services available from I-Soon are varied. The company claimed to be able to hack accounts on X, obtain personal information from Facebook, obtain data from internal databases and compromise various operating systems including Mac and Android. Perhaps the most serious is the use of an  Android attack code, claimed to be  capable of extracting extensive messaging histories from Chinese chat applications and Telegram. 

In one of the files there is a screenshot of a folder entitled “Notes from the secretariat of European Affairs of North Macedonia”. Another screenshot shows files that appear to relate to the EU, including one entitled “Draft EU position with regard to COP 15 part 2”. The file names reference an encryption system used by EU entities to secure official data.

The leaked documents also outline the use of hardware hacking devices by I-Soon, including a malicious power bank designed to surreptitiously upload data into victims’ systems.

GitHub:  |    @Unit42_Intel      |     Guardian:    |    New York Times:   |     France24:   |    DigitFYI:     |   

 Times of India:    |    Bloomberg    |    SentinelOne:   |    Computing:  

You Might Also Read: 

Hackers Operated Undetected In Critical US Networks 

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible





 

« Defending Against These Common Types Of Cyber Attack
DMARC Email Validation: Cracking Down On Fraud »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

Certego

Certego

Certego is a company of the VEM Sistemi Group specialised in providing managed computer security services and to combat Cyber Crime.

SKOUT Secure Intelligence

SKOUT Secure Intelligence

SkOUT Secure Intelligence (formerly Oxford Solutions) provides cyber security monitoring services to organizations around the globe.

IronNet Cybersecurity

IronNet Cybersecurity

IronNet’s product and services provide enterprise-wide security management and visibility of your network, users and assets.

Awake Security

Awake Security

Awake Security offer a security solution built on an AI platform that acts like the human brain to sense, detect, and respond to threats you may not even know exist.

Newtech Recycyling

Newtech Recycyling

Newtech Recycyling specializes in the removal and disposal of IT infrastructure which has reached the end of its life cycle.

Internet Infrastructure Investigation

Internet Infrastructure Investigation

Internet Infrastructure Investigation offers a bespoke Internet Governance Solution to your brands online infringement problems.

ByteSnipers

ByteSnipers

ByteSnipers specialize in penetration testings and secure development services. Our focus is on your security.

Dhound

Dhound

Dhound is a cybersecurity company providing web application penetration testing.

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.

Cyber Lockout

Cyber Lockout

Comprehensive ransomware insurance and preventative cybersecurity technology solution, working together to help protect businesses 24/7/365.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

Strata Identity

Strata Identity

Strata is pioneering identity orchestration to unify on-premises and cloud-based authentication and access systems for consistent identity management in multi-cloud environments.

HWG Sababa

HWG Sababa

HWG Sababa is a cybersecurity provider that offers a comprehensive suite of strategic managed security solutions, services, and consultancy.

Convergence Networks

Convergence Networks

Convergence Networks is one of North America's leading Managed Services & Security Providers.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.