
Leaked files reveal the secret world of hackers hired in China


A series of documents from a Chinese security firm working for Chinese government agencies showed extensive efforts to hack into many foreign governments and telecommunications companies, particularly in Asia, as well as targeting the country’s domestic surveillance apparatus.


The documents, published last week on a public website, reveal an eight-year attempt to attack databases and intercept communications in South Korea, Taiwan, Hong Kong, Malaysia, India and other parts of Asia.

The documents also revealed a campaign to closely monitor the activities of ethnic minorities in China and online gambling companies.


The files included records of apparent correspondence between employees, as well as target lists and material showing the cyberattack tools.

The documents came from I-Soon, a Shanghai company with offices in Chengdu. Three cybersecurity experts interviewed by the Times said the documents appeared authentic.

The office reception of I-Soon, also known as Anxun in Mandarin, is seen after office hours in Chengdu, southwest China’s Sichuan province, Tuesday, Feb. 20, 2024. Chinese police are investigating an unauthorized and highly unusual online posting of documents from a private security contractor linked to China’s major law enforcement agencies and other sectors of its government. (AP Photo/Dake Kang)

Together, the leaked files offered a glimpse into the secretive world of hackers for hire supported by the Chinese state.

They highlighted how Chinese authorities and their main spy agency, the Ministry of State Security, have reached beyond their own ranks to tap private sector talent in a global hacking campaign that U.S. officials say has targeted American infrastructure and government.

“We have every reason to believe they are authentic data of a contractor supporting domestic and international cyber espionage operations from China,” said John Hultquist, chief analyst for Mandiant Intelligence at Google.

Hultquist said the data showed that I-Soon was working for a number of Chinese government bodies that sponsor hacking, including the Ministry of State Security, the People’s Liberation Army and the Chinese National Police.

“They are part of a contractor ecosystem which has ties to the patriotic Chinese hacking scene, which developed two decades ago and has since become legitimate,” he added, referring to the rise of nationalist hackers, which have become a sort of craft.

Revelation

The files showed how I-Soon was able to draw on a suite of technologies to operate as a hacker clearinghouse for Chinese government branches.

At times, the company’s employees have focused on overseas targets and in other cases have helped China’s feared Ministry of Public Security surveil Chinese citizens at home and abroad.

I-Soon did not immediately respond to emailed questions about the leak.

The materials in the leak promoting I-Soon’s hacking techniques described technology created to penetrate the email accounts of View and another tool that could control Windows computers, presumably while evading 95% of antivirus systems.

I-Soon boasted of having access to data from a variety of governments and companies in Asia, including Taiwan, India, Nepal, Vietnam and Myanmar.

One list showed numerous flight records from a Vietnamese airline, including travellers’ identity numbers, occupations and destinations.

At the same time, I-Soon said it has created technology that can meet the internal demands of Chinese police, including software that can monitor public opinion on social media in China.

Another tool, created specifically to target accounts on X, formerly Twitter, could extract email addresses, phone numbers and other identifiable information related to users’ accounts.

In recent years, Chinese law enforcement has managed to identify activists and government critics who had posted on X using anonymous accounts inside and outside China.

They often then used threats to force X users to remove posts that the authorities deemed too critical or inappropriate.

China’s Foreign Ministry had no immediate response to a request for comment.

X did not respond to a request for comment.

A spokeswoman said the South Korean government declined to comment.

“This is the largest data breach linked to a company suspected of providing targeted cyber espionage and intrusion services to Chinese security services,” said Jonathan Condra, director of strategic and persistent threats at Recorded Future, a computer security firm.

Analysis of the leak would provide new insights into how contractors collaborate with the Chinese government to carry out cyber espionage activities, he added.

The Chinese government’s use of private contractors to carry out hack attacks on its behalf is inspired by the tactics of Iran and Russia, which for years have used non-governmental entities to pursue commercial and official objectives.

While the fragmented approach to state espionage may be more effective, it has also proven more difficult to control.

Some Chinese contractors have used malware to obtain ransoms from private companies, even while working for China’s spy agency.

Over the past year, U.S. government officials have repeatedly warned about Chinese hacking efforts.

In late January, FBI Director Christopher Wray outlined a broad campaign aimed at attacking American infrastructure, including the power grid, oil pipelines and water systems, in the event of a conflict with Taiwan.

Last year it emerged that the email accounts of several US officials, including Nicola Brucia, the US ambassador to China, and Commerce Secretary Gina Raimondo, had been hacked.

c.2024 The New York Times Company

Source: Clarin
