Beijing has eyes everywhere. Its secret? A small part of it has been revealed by a major data leak from the company i-Soon. More than 570 files and images show how the Chinese IT service provider infiltrated foreign powers, social network accounts and personal computers. Experts from SentinelLabs and Malwarebytes, American cybersecurity companies, say that the company in question has intruded into the systems of around ten governments. Pro-democracy organizations in Hong Kong, as well as NATO, are also affected.
i-Soon presents itself as a company specializing in IT security and has bid on Chinese government tenders. While its website was not accessible Thursday morning, online records dating from Tuesday indicate that the company is based in Shanghai with offices in Beijing and several Chinese provinces, including Sichuan (southwest). Its data was posted on February 16 on the GitHub sharing site. “The leak provides some of the most concrete details made public to date” about China’s alleged espionage and reveals its “maturity,” writes SentinelLabs in a report published Wednesday, February 21.
The author of the leak and their motives are not known, but the leak “provides unprecedented insight into the internal operations of a state-affiliated hacking service provider,” according to SentinelLabs. In other words, it takes us behind the scenes of i-Soon. The documents show, for example, how its employees can access a person’s computer, take control of it remotely and monitor what that person types. Still according to these documents, i-Soon also offers to hack phone operating systems, including that of the Apple iPhone.
Among i-Soon’s exploits: the infiltration of ministries in India, Thailand, Vietnam and South Korea, according to another report published Wednesday, February 21, by Malwarebytes. At least twenty foreign governments and territories are affected. For example, one listing contains numerous flight records of a Vietnamese airline, including travelers’ ID numbers, occupations, and destinations.
$55,000 to break into a ministry in Vietnam
The company also allegedly collected road data from Taiwan, the island of 23 million inhabitants that China claims as its territory, information that could prove useful to the Chinese army in the event of an invasion of Taiwan. Closer to home, another file shows staff discussing a list of targets in Britain, including its Home and Foreign Offices as well as the Treasury. Also included were British think tanks Chatham House and the International Institute for Strategic Studies.
In the leaked documents, AFP found what appeared to be lists of ministries in Thailand and the United Kingdom, and screenshots of attempts to log into a person’s Facebook account. The documents also include a heated conversation between an i-Soon employee and a manager about his remuneration. Many hackers work for less than $1,000 a month, a surprisingly low salary even in China, Adam Kozy, a former FBI analyst who wrote a book on Chinese hacking, said in the Washington Post. A file details bonuses for hackers, including a payment of $55,000 (50,780 euros) to break into a ministry in Vietnam.
“As the leaked documents show, third-party companies play an important role in facilitating many of China’s attacks in the cyber domain,” according to SentinelLabs. Another screenshot describes a client request to illegally access the computer systems of the foreign minister, the prime minister’s office, the national intelligence agency and other ministries of an unnamed country. Experts who analyzed the data leak indicate that i-Soon offered to take control of an account on the social network X (formerly Twitter) in order to monitor the activity of a target user.
Minorities targeted by Chinese espionage
According to the leaked documents, i-Soon bid on tenders from the authorities of the Xinjiang region (northwest China) to carry out hacking operations there. After several deadly attacks, the authorities have imposed draconian measures in this region for more than a decade in the name of anti-terrorism. Western studies, based on interpretations of official Chinese documents, testimonies of alleged victims and statistical extrapolations, accuse the authorities of repression against the Uighurs, one of the indigenous minorities of Xinjiang.
The i-Soon company is part of “an ecosystem of subcontractors linked to the Chinese patriotic hacking scene, which developed two decades ago and has since become legitimate,” John Hultquist, chief analyst of Mandiant Intelligence, a cybersecurity company owned by Google Cloud, stresses in the New York Times. Groups like i-Soon portray themselves as essential to the Communist Party’s broader campaign to eliminate threats to its power in cyberspace. China is thus increasingly turning to private companies in campaigns to hack foreign governments and control its domestic population.
For its part, the Chinese Ministry of Foreign Affairs affirmed Thursday during a regular press briefing that it “was not aware” of this affair. “As a matter of principle, China resolutely opposes all forms of cyberattacks and fights them in accordance with the law,” said Mao Ning, a spokesperson for the ministry, in response to a question on the subject. Yet for several years, Beijing seems to have proven the opposite by encouraging rivalry in computer hacking. For its part, the New York Times recalls that U.S. government officials have repeatedly warned of Chinese hacking efforts. The question is: how far will Beijing go?