Documents held by a Chinese security firm working for Chinese government agencies showed extensive efforts to hack a number of foreign governments and telecommunications companies, as well as domestic surveillance targets, particularly in Asia.
The documents, posted on a public website last week, reveal an eight-year effort to target databases and eavesdrop on communications in Asia, including South Korea, Taiwan, Hong Kong, Malaysia and India. The files also revealed a campaign to closely monitor the activities of China's ethnic minorities and online gambling companies.
The files included clear records of interactions between employees, as well as a list of targets and materials displaying cyber attack tools. The document came from I-Soon, a Shanghai company with offices in Chengdu. Three cybersecurity experts interviewed by the Times said the documents appeared authentic.
Taken together, the leaked files offer a glimpse inside the secret world of China's state-sponsored hackers-for-hire. They show that Chinese law enforcement and its top intelligence agency, the Ministry of State Security, have reached beyond their own ranks to leverage private-sector talent in a global hacking operation targeting U.S. infrastructure and government.
John Hultquist, principal analyst at Google's Mandiant Intelligence, said: “We have every reason to believe this is genuine data from contractors supporting global and domestic cyber espionage operations from China.”
Hultquist said the data shows I-Soon worked for various Chinese government agencies that supported the hacking, including the Ministry of State Security, the People's Liberation Army, and the Chinese National Police.
He also cited the emergence of nationalist hackers, which have become a kind of cottage industry, saying, “They are part of an ecosystem of contractors with ties to China's patriotic hacking scene. The hacking scene started 20 years ago and has since become legal,” he added.
The files showed how I-Soon could obtain technology to serve as a hacking clearinghouse for Chinese government agencies. At times, the company's employees focused on foreign targets and at other times helped China's feared Ministry of Public Security monitor Chinese nationals at home and abroad.
I-Soon did not immediately respond to emailed questions about the leak.
Materials included in the leak that tout I-Soon's hacking capabilities describe a technique built to infiltrate Outlook email accounts and another that can take control of Windows computers while possibly bypassing 95% of antivirus systems. I-Soon boasted that it has access to data from various governments and companies in Asia, including Taiwan, India, Nepal, Vietnam, and Myanmar. One of its lists showed extensive flight records from Vietnamese airlines, including travelers' ID numbers, occupations, and destinations.
At the same time, I-Soon said it has built technology that can meet the domestic demands of Chinese police, such as software that can monitor public sentiment on social media within China. Another tool, built specifically to target accounts on X, can extract email addresses, phone numbers, and other identifying information linked to a user's account.
In recent years, Chinese law enforcement authorities have successfully identified activists and government critics who posted on X using anonymous accounts inside and outside China. Threats were then often used to force X users to delete posts that authorities deemed overly critical or inappropriate.
China's Foreign Ministry did not immediately respond to a request for comment. X did not respond to requests for comment. A spokesperson said the South Korean government would not comment.
“This represents the most significant data breach involving a company suspected of providing cyber espionage and targeted intrusion services to Chinese security services,” said Jonathan Condra, strategic persistent threat director at cybersecurity firm Recorded Future. He added that analysis of the breach will provide new insights into how contractors are working with the Chinese government to conduct cyber espionage.
The Chinese government's use of private contractors to perform hacking on its behalf borrows tactics from Iran and Russia, which have for years relied on non-governmental entities to pursue commercial and public goals. A sporadic approach to state espionage may be more effective, but it has also proven difficult to control. Some Chinese contractors use malware to collect ransom money from private companies while working for China's spy agencies.
Over the past year, U.S. government officials have repeatedly warned about Chinese hacking activity. In late January, Federal Bureau of Investigation Director Christopher A. Wray described a wide range of operations that would target U.S. infrastructure, including power grids, oil pipelines, and water systems, in the event of a conflict with Taiwan. Last year, it was revealed that the email accounts of a number of U.S. officials, including U.S. Ambassador to China Nicholas Burns and Secretary of Commerce Gina Raimondo, had been hacked.