Massive leak shows Chinese firm hacking foreign governments, activists: analysts

February 22, 2024

A set of documents from I-Soon, a private contractor competing for Chinese government contracts, show hackers breached the security of more than a dozen governments, according to cybersecurity firms SentinelLabs and Malwarebytes (I-Hwa CHENG).

A massive data leak analyzed by experts this week revealed that a Chinese tech security firm managed to infiltrate foreign governments and social media accounts and hack personal computers.

Documents from I-Soon, a private company competing for Chinese government contracts, show hackers breached the security of more than a dozen governments, according to cybersecurity firms SentinelLabs and Malwarebytes.

I-Soon also breached “democracy organizations” in China’s semi-autonomous city of Hong Kong, universities and the NATO military alliance, SentinelLabs researchers wrote in a blog post Wednesday.

The leaked data, the contents of which AFP could not immediately verify, was published on online software repository GitHub by an unknown person last week.

“The leak reveals the maturing nature of China’s cyberespionage ecosystem, offering some of the most concrete details yet publicly available,” SentinelLabs analysts said.

I-Soon managed to infiltrate government offices in India, Thailand, Vietnam and South Korea, among others, Malwarebytes said in a separate post on Wednesday.

I-Soon’s website was not available Thursday morning, but an internet archive snapshot of the site from Tuesday shows it is based in Shanghai and has subsidiaries and offices in Beijing, Sichuan, Jiangsu and Zhejiang.

The company did not respond to a request for comment.

Asked by AFP on Thursday whether Beijing had contracted hackers, China’s foreign ministry said it was “not aware” of the situation.

“In principle, China firmly opposes all forms of cyber attacks and takes tough measures against them in accordance with the law,” spokesman Mao Ning said.

– Cheats for contracts –

The leak contains hundreds of files showing chat logs, presentations and target lists.

Among the leaks, AFP found lists of Thai and UK government departments, as well as screenshots of someone’s attempts to log into their Facebook account.

Other screenshots showed discussions between an employee and a manager over salaries, as well as a document describing software aimed at accessing a target’s Outlook emails.

“As the leaked documents demonstrate, third-party contractors play a key role in facilitating and executing many of China’s offensive operations in cyberspace,” SentinelLabs analysts wrote.

In a screenshot of a chat app conversation, someone describes the customer’s request for special access to “the foreign ministry’s office, the foreign ministry’s ASEAN office, the prime minister’s office national intelligence agency” and other government departments of an unnamed country.

Analysts who examined the files said that the company also offers potential customers the ability to break into individuals’ accounts on social media platform X, monitor their activities, read their private messages and send posts.

The leak also revealed how the firm could allow hackers to remotely access and hijack a person’s computer, allowing them to execute commands and monitor what the person types.

Other services included ways to breach Apple’s iPhone and other smartphone operating systems, as well as specialized hardware, including a power bank that could pull data from a device and send it to hackers.

– Xinjiang ties –

Analysts said the leak also showed I-Soon bidding for contracts in China’s northwestern region of Xinjiang, where Beijing is accused of detaining hundreds of thousands of mostly Muslim people as part of a campaign against alleged extremism. The US called this genocide.

“The company listed other terrorism-related targets the company has previously hacked, including targeting counterterrorism centers in Pakistan and Afghanistan, as evidence of their ability to carry out these missions,” SentinelLabs analysts wrote.

The leaked data also revealed the fees hackers could earn, including $55,000 for breaking into a government ministry in Vietnam.

A cached version of the company’s website showed that the firm also operates an institute dedicated to “implementing the spirit” of President Xi Jinping’s “important instructions” to improve cybersecurity education and expertise.

The FBI says China has the largest hacking program of any country.

Beijing dismissed the allegations as “baseless” and pointed to the United States’ own history of cyberespionage.

Pieter Arntz, a Malwarebytes researcher, said the leak will likely “shake some of the cages on leaked assets.”

“Thus, it could possibly cause a shift in international diplomacy and reveal vulnerabilities in the national security of many countries.”
