A large data breach reveals the inner workings of China’s cyber mercenaries.


A major data breach at a Chinese cybersecurity company has exposed instances of government security agents paying large sums of money to collect data on specific targets, such as foreign governments. Additionally, hackers are gathering large quantities of information on individuals and organizations who may be of interest to potential customers.

The cache of more than 500 leaked files from the Chinese firm I-Soon was posted on the developer website Github and is thought by cybersecurity experts to be genuine. Some of the targets discussed include Nato and the UK Foreign Office.

The release offers an exceptional understanding of the realm of China’s hired hackers, which the leader of the UK’s security services has described as a daunting obstacle for the nation.

The documents, a mixture of conversations, business plans, and data examples, expose the scope of China’s efforts to gather intelligence. They also shed light on the challenges faced by the country’s corporate hackers as they compete for clients in a struggling economy.

I-Soon was involved in a partnership and subsequent disagreement with Chengdu 404, a Chinese hacking group. Chengdu 404 has been accused by the US Department of Justice of conducting cyber-attacks on American companies, as well as targeting pro-democracy activists in Hong Kong and other entities.

The leaked I-Soon documents reveal that additional targets were also mentioned, such as the British organization Chatham House and the public health bureaus and foreign affairs ministries of Asean countries. It appears that some of this information was collected without a specific purpose, but in other instances, there are contracts in place with Chinese public security bureaus to gather particular types of data.

A representative from Chatham House said the organisation was aware of and concerned about the recently revealed data. It places great importance on data and information security, especially in light of ongoing attempts by both state and non-state actors to breach its systems, something many organisations routinely face.

“We have implemented protective measures, including regularly reviewing and updating our technology-based safeguards.”

According to a Nato representative, the organization is constantly confronted with cyber threats and has taken measures to defend against them by making significant investments in cyber defense. Nato thoroughly examines all reports of cyber threats.

The Foreign Office of the UK refused to provide a statement.

I-Soon provides a range of services. As an illustration, the public security bureau of a city in Shandong paid approximately £44,000 to gain entry to the email accounts of 10 individuals for a period of one year.

The company boasted the ability to hack accounts on X, access personal information from Facebook, retrieve data from internal databases, and compromise multiple operating systems such as Mac and Android.

The exterior of the I-Soon office building in Chengdu in China’s south-western Sichuan province.


One of the documents contains a picture of a folder named “Notes from the secretariat of European Affairs of North Macedonia”. Another document displays files that seem to pertain to the EU, such as one labeled “Draft EU position with regard to COP 15 part 2”. The names of these files mention an encryption method utilized by EU organizations to protect official information.

Sometimes, the intent behind gathering the data is uncertain. According to Alan Woodward, a cybersecurity specialist at the University of Surrey, the Chinese government is essentially amassing a large amount of data for potential future use.

Woodward observed that in contrast to Russian hackers affiliated with the government who carry out ransomware attacks or other forms of disruption, Chinese efforts typically center on collecting large amounts of data. Woodward also mentioned that some of these activities could potentially be seen as preparing for future disruptive actions.


The previous year, a report from the intelligence and security committee of parliament regarding China stated that China’s advanced cyber capabilities enable them to target a wide variety of organizations and datasets, including those that are not typically targeted. It is believed by experts that this data collection may be aimed at identifying potential targets for human intelligence operations.

I-Soon also focused on harming individuals within the country. In a collaboration agreement with a Xinjiang government agency, I-Soon claimed to offer assistance in preventing terrorism by helping local police monitor Uyghurs. I-Soon boasted over ten years of knowledge in obtaining server and intranet permissions in various countries.

The company stated that they acquired information from Pakistan’s counter-terrorism agencies and postal service. The embassy of Pakistan in London did not provide a response when asked for a comment.

It is possible that some of the promises made to clients were exaggerated for sales purposes. During a conversation, an employee raised the question: “Are we being misled by our customers, or are we misleading them?” The employee went on to say that while it may be common for companies to deceive customers about their capabilities, it is ultimately detrimental for the company to deceive its own employees.

According to Mei Danowski, a specialist in cybersecurity in China and the writer of the Natto Thoughts newsletter, the common perception of Chinese hackers being funded by the government is not entirely accurate. If the recently leaked documents are genuine, it suggests that these hackers have to actively seek out opportunities and establish their credibility in the industry.

Other chat logs were strikingly mundane. Employees discussed Covid-19 and the financial pressures at I-Soon. “Originally, everyone knew that the company was having a hard time, and they all understood. After all, the epidemic is so severe,” wrote one worker in March 2021. But, they complained, I-Soon “didn’t say they wouldn’t pay us wages”.

In the following year, it appeared that the stress within the company had increased. The CEO, Wu Haibo (also known as Shutd0wn), stated that the departure of key employees had negatively impacted customer trust and resulted in a decrease in business. Wu did not provide a comment when asked.

“I am concerned about the boss,” stated an employee in September 2022. “I am uncertain if the company will make it through the rest of the year.” In a separate conversation, coworkers discussed the company’s declining sales and a negative atmosphere in the office. One employee sought comfort in a common solution: “I may scream if I cannot have a drink.”

Source: theguardian.com
