Massive leak shows China firm hacked foreign governments

BEIJING – A recent extensive data leak, examined by experts this week, has revealed that a Chinese tech security firm managed to infiltrate foreign governments, penetrate social media accounts, and compromise personal computers.

The leaked documents from I-Soon, a private company vying for Chinese government contracts, indicate that its hackers successfully breached over a dozen governments, as reported by cybersecurity firms SentinelLabs and Malwarebytes.

In addition to governmental entities, I-Soon also targeted “democracy organizations” in Hong Kong, universities, and even the NATO military alliance, according to researchers at SentinelLabs in a blog post published on Wednesday.

While the leaked data’s authenticity couldn’t be immediately confirmed by Agence France-Presse, it was made public last week on the online software repository GitHub by an unknown individual.

“The leak provides some of the most concrete details seen publicly to date, revealing the maturing nature of China’s cyber espionage ecosystem,” SentinelLabs analysts said.

According to Malwarebytes in a separate post on Wednesday, I-Soon managed to breach government offices in countries such as India, Thailand, Vietnam, and South Korea.

As of Thursday morning, I-Soon’s website was inaccessible. However, an internet archive snapshot of the site from Tuesday indicates that it is headquartered in Shanghai, with subsidiaries and offices in Beijing, Sichuan, Jiangsu, and Zhejiang.

Despite requests for comment, the firm did not respond.

When questioned by AFP on Thursday regarding whether Beijing contracted hackers, China’s foreign ministry stated that it was “not aware” of the case.

“As a principle, China firmly opposes all forms of cyberattacks and cracks down on them in accordance with law,” spokesperson Mao Ning said.

The leaked data comprises hundreds of files, including chatlogs, presentations, and lists of targets.

Among the leaks, AFP discovered what seemed to be lists of Thai and UK government departments, alongside screenshots depicting efforts to log into an individual’s Facebook account.

Furthermore, other screenshots displayed disputes between an employee and a supervisor regarding salaries. Additionally, there was a document outlining software designed to access a target’s Outlook emails.

“As demonstrated by the leaked documents, third-party contractors play a significant role in facilitating and executing many of China’s offensive operations in the cyber domain,” SentinelLabs analysts said.

In a screenshot of a chat app conversation, an individual describes a client’s request for exclusive access to various government departments, including the “foreign secretary’s office, foreign ministry’s ASEAN office, prime minister’s office, national intelligence agency,” and others in an undisclosed country.
