A major data breach from a Chinese cybersecurity company reveals national security agencies paying tens of thousands of pounds to collect data on targets including foreign governments, while the company's hackers collect vast amounts of information about people and institutions that may be of interest to their potential customers.
A cache of more than 500 leaked files from the Chinese company I-Soon has been posted on the developer platform GitHub, and cybersecurity experts believe they are genuine. Among the targets being discussed are NATO and the UK Foreign Office.
The leak provides unprecedented insight into China’s world of hackers-for-hire, with Britain’s security chief calling it a “huge” challenge for the country.
The files, a mix of chat logs, company prospectuses and data samples, reveal the scope of China’s intelligence-gathering operations and also highlight the market pressures felt by the country’s commercial hackers vying for business in a struggling economy.
I-Soon is believed to have collaborated with another Chinese hacker group, Chengdu 404, and was later involved in a commercial dispute with it. The Chengdu 404 hackers have been indicted by the US Department of Justice for cyberattacks on US companies. Hong Kong democracy activists and others have also been targeted.
Other targets discussed in the I-Soon leak include the British think tank Chatham House, the public health agencies of Asean countries and the foreign ministry. Some of this data appears to have been collected according to specifications, while in other cases special agreements have been made with the Chinese Public Security Bureau to collect certain types of data.
A spokesperson for Chatham House said: “We are aware that this data has come to light and are understandably concerned. Chatham House takes the security of our data and information very seriously. Like many organisations, we are the target of regular attacks from both state and non-state actors.
“We have safeguards in place, including technology-based safety measures that are regularly reviewed and upgraded.”
“The Alliance faces persistent cyber threats and is preparing for this by investing in large-scale cyber defence,” a NATO official said. “NATO considers all claims regarding cyber threats.”
The British Foreign Office declined to comment.
The services provided by I-Soon are wide-ranging. In one example, the public security bureau of a city in Shandong province paid the company nearly £44,000 to gain access to the email inboxes of 10 targets over a one-year period.
The company claimed it could hack accounts on X, obtain personal information from Facebook, retrieve data from internal databases, and compromise various operating systems, including Mac and Android.
One of the files is a screenshot of a folder titled “Notes from the North Macedonian Office of European Affairs.” Another screenshot shows files that appear to be related to the EU, including one titled “Draft EU position on COP 15 Part 2.” The file name refers to the encryption system used by EU institutions to protect official data.
In some cases, the purpose of data collection may not be clear. “The Chinese state is essentially collecting as much data as possible,” said Alan Woodward, a computer security expert at the University of Surrey. “They just want as much information as possible in case it turns out to be helpful.”
Woodward noted that unlike Russian state-backed hackers, which carry out ransomware attacks and other destructive activities, Chinese efforts tend to focus on collecting large amounts of data. “Some of it could be interpreted as laying the groundwork for destructive effects at a later stage,” Woodward said.
Last year, a Congressional Intelligence and Security Committee report on China stated that “China’s cyber expertise enables it to target a wide variety of organizations, data sets, and increasingly anomalous entities.” Experts believe that the purpose of data collection may be to identify potential targets for human intelligence operations.
I-Soon also targeted domestic victims. In an undated cooperation agreement with local authorities in Xinjiang, I-Soon said it could provide “counterterrorism” support to local police monitoring Uyghurs. I-Soon said it has more than 10 years of experience in accessing “various server and intranet permissions in multiple countries.”
The company claimed to have obtained data from Pakistan’s counter-terrorism authorities and Pakistan’s postal service. Pakistan’s embassy in London did not respond to requests for comment.
Some of the promises made to customers may have involved pushy sales practices. During one discussion, an employee asked, “Are our customers cheating us or are we cheating our customers?” The employee continued, “It’s normal for companies to mislead customers about their capabilities, but it’s not okay for companies to mislead their employees.”
Mei Danowski, a Chinese cybersecurity expert and author of the newsletter Natto Thoughts, said of the perception of Chinese hackers: “‘Oh, the state is giving them cash to do something.’ The truth is, these leaked documents are not true. They have to go and look for business. They have to build a reputation.”
Other chat logs were surprisingly unremarkable. Employees discussed COVID-19 and financial pressures at I-Soon. “From the beginning, everyone knew and understood that the company was in a difficult situation. After all, the epidemic is very serious,” one worker wrote in March 2021. However, they complained that I-Soon “did not say it would not pay wages.”
By the following year, internal pressure seemed to have intensified. CEO Wu Haibo, who uses the pseudonym Shutd0wn, said the loss of core staff had damaged customer confidence and led to a loss of business. Mr. Wu did not respond to requests for comment.
“My boss is very worried. I don’t know if the company will survive until the end of the year,” one employee wrote in September 2022. In another chat log, employees talked about the company’s slow sales and the deteriorating office atmosphere. One employee said: “If I couldn’t drink, I’d probably scream.”
