Concise Cyber

Leaked Files Expose Chinese Hacking Contractor i-Soon’s Global Espionage Operations

In mid-February, a vast trove of internal documents from a Chinese hacking contractor was publicly posted to the code-hosting platform GitHub. The leak exposed the inner workings of the firm, i-Soon (Anxun), offering a detailed view into its cyber-espionage services provided to Chinese government agencies. Cybersecurity researchers from firms including SentinelOne and Malwarebytes have analyzed the documents and believe them to be authentic.

The cache contains hundreds of pages of marketing materials, product manuals, client presentations, contracts, and internal chat logs. These files establish a direct link between i-Soon and its primary clientele, which includes China’s Ministry of Public Security (MPS), the country’s top law enforcement and intelligence agency. The documents detail contracts and show the company bidding for hacking projects from various provincial and municipal public security bureaus across China.

A Look Inside the Contractor’s Operations

The leaked data provides an unprecedented look at the day-to-day business of a state-sponsored hacking operation. Included in the spill are spreadsheets listing potential government targets and logs of employee chats on the messaging platform QQ. These conversations reveal internal company details, including employee complaints about compensation and discussions about specific hacking operations and client requirements. The presence of mundane office politics and business concerns within the chat logs lends further credibility to the authenticity of the leak.

Global Targets and Hacking Capabilities

The documents explicitly list the targets of i-Soon’s hacking-for-hire services. The company’s operations focused on governments, telecommunications firms, and pro-democracy organizations across Asia. Specific regions and countries named as targets include Hong Kong, Taiwan, Malaysia, Thailand, India, and Kazakhstan. The firm’s product documents also detail the capabilities of its hacking tools. These include custom malware designed for various operating systems like iOS, Android, and Windows, as well as a specific platform for breaching Microsoft Outlook email accounts. The tools were designed to access and exfiltrate data, monitor communications, and maintain persistent access to compromised networks and devices.

Source: https://www.wired.com/story/major-leak-spills-chinese-hacking-contractor-tools-targets/