An enormous cache of documents and data from a Chinese hacking outfit got leaked by an insider. The state sponsored company, I‑Soon, seems to have a disgruntled mole who made all its secrets public.

Analysts will be poring over the data for months. In today’s SB Blogwatch, we lap it up, like a Pooh laps hunny.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: What will we do?

“Unusual glimpse inside”
A trove of leaked documents … shows that Beijing’s intelligence and military groups are carrying out large-scale, systematic cyber intrusions against foreign governments, companies and infrastructure. … Containing more than 570 files, images and chat logs, [it] offers an unprecedented look inside the operations of one of the firms that Chinese government agencies hire for on-demand, mass data-collecting operations.
…
The files … detail contracts to extract foreign data over eight years and describe targets within at least 20 foreign governments and territories. … Chat logs included in the leak describe selling unspecified data related to NATO. … Another file shows employees discussing a list of targets in Britain. … Hackers with the People’s Liberation Army have breached computer systems in about two dozen key American infrastructure entities over the past year
…
Experts are poring over the documents, which offer an unusual glimpse inside the intense competition of China’s national security data-gathering industry. … iSoon, also known as Auxun, [is] a Chinese firm headquartered in Shanghai. … Part of an ecosystem of contractors that emerged out of a “patriotic” hacking scene established over two decades ago, it now works for a range of powerful [Chinese] government entities including the Ministry of Public Security, the Ministry of State Security and the … military.

“Surveillance operations”
It is no secret that China is a prolific cyber espionage actor. … i-SOON was already on the radar of some cyber security researchers after being sued by a firm from the same city, a company known as ‘Chengdu 404,’ [which] is linked to the cyber espionage group known as APT41. There are also matches in the data leak to Indicators of Compromise (IOCs) from previous cyber espionage campaigns.
…
The files include internal chats, business pitches, documentation describing the company’s products, and what appears to be stolen victim data. … The business documents include pitches and presentations about the company’s services including “penetration testing,” surveillance operations, and also descriptions of:
• Malware designed to run on Windows, macOS, Linux, iOS, and Android;
• A platform to collect and analyse email data;
• A platform to hack into Outlook accounts;
• A Twitter monitoring platform;
• An reconnaissance platform using OSINT data;
• Physical hardware devices meant to be used for on-premises hacking; …
• Communications equipment using a Tor-like network for agents working abroad.

“Disgruntled employees”
The leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. … The leaked documents, which include candid employee chat conversations and images, show a less public side of i-SOON, one that frequently initiates and sustains cyberespionage campaigns commissioned by various Chinese government agencies.
…
However, the chats include multiple conversations between employees commiserating over long hours and low pay. … Security experts who reviewed the leaked data say they believe the information is legitimate [and] was probably leaked by one of those disgruntled employees.

I have to wonder, was this upload intentional or a mistake? Could be … a Chinese version of Snowden recoiling against the state’s actions.

You mean like the US? I mean this is Assange week after all, let’s not forget what was uncovered that sent him to prison.

Compromised USB battery [that] uploads data. In other words, plants false evidence against … enemies of bureaucrats and leaders within the Chinese government.

A few days ago, files from a contractor for Chinese police quietly dumped online went viral. But though analysts thought the files authentic, they weren’t 100% confident. Now, after a visit to the company’s offices, I can confirm the leak is real.
…
I visited I-Soon’s office in Chengdu. … Security was surprisingly lax — I was able to walk right in and up to the reception. … Employees told me that both the company and Chinese police are investigating how the files were leaked. … This is likely not China’s best and brightest hacking operation.
…
What this all adds up to so far is that these hacks of overseas networks and foreign states is actually for a domestic purpose: Controlling and stifling government critics, dissidents, and repressed minorities, such as Tibetans, Hong Kongers and Uyghurs. … For “social stability” and keeping Chinese citizens in line. … To regulate public opinion. … To keep the internet clean.

US industry: Stop off-shoring to China to make better margins and juice your stock price. You are killing America.
US consumers: Stop buying Made in China when there is an alternative—even if you have to pay more.
…
The job you may save one day may be your own. … China is not our friend.

I’m concerned that with all this talk about cyber, Congress is going to take its eye off the ball, and lose interest in closing the balloon gap.

Recent Articles By Author