Data Leak: Chinese company hacked foreign governments, PCs and NATO


The leaked documents show that hackers have attacked more than ten governments, universities and democratic organizations

The leaked data, the contents of which AFP could not initially verify, was published last week by an unknown party on the GitHub platform. “The leak presents some of the most concrete details ever published and shows the maturity of the Chinese cyber espionage ecosystem,” analysts at SentinelLabs told the French agency.

According to cybersecurity firms SentinelLabs and Malwarebytes, documents from ISoon, a private company that competes for Chinese government tenders, show that hackers have attacked more than ten governments. ISoon also attacked “democratic organizations” in Hong Kong, universities and the North Atlantic Treaty Organization (NATO), SentinelLabs researchers pointed out.

The materials revealed eight-year efforts to reach databases and capture communications in India, Thailand, Taiwan, Vietnam and South Korea, as well as elsewhere in Asia. The files also revealed a campaign to closely monitor the activities of China's ethnic minorities and online gambling companies. The data included records of apparent correspondence between employees, target lists and material showing cyber attack tools.

For example, the hacked information included a large database of the road network of Taiwan, an island democracy that China has long claimed and threatened to invade. The 2021 data shows how companies like ISoon collect information that could be militarily useful, experts interviewed by The New York Times said. China's own government has long considered Chinese drivers' navigation data confidential and has placed strict limits on who can collect that data.

“Discovering the terrain of the road is crucial for planning tank and infantry movements around the island en route to occupying population centers and military bases,” Dmitri Alperovitch, a cybersecurity expert, emphasized to the NYT.

“Part of an ecosystem”

For Google's Mandiant Intelligence chief analyst John Hultquist, the data shows that the company worked for a number of Chinese government agencies that support hackers, including the Ministry of State Security, the People's Liberation Army and China's National Police. At times, company representatives focused on targets abroad. In other cases, they assisted the Chinese Ministry of Public Security in monitoring Chinese citizens at home and abroad.

“We have every reason to believe that this is authentic data from a contractor supporting global and domestic cyberespionage operations outside of China,” he told the American newspaper. Alluding to the nationalist hackers who have become a kind of cottage industry, he added: “They are part of an ecosystem of service providers with ties to the patriotic Chinese hacking scene that emerged two decades ago and has since become legitimate.”

ISoon's website was unavailable Thursday morning, but according to an archive screenshot of the site, the company is headquartered in Shanghai and has subsidiaries and offices in Beijing, Sichuan, Jiangsu and Zhejiang. The company did not respond to a request for comment from AFP.

When asked by the French news agency, the Chinese Foreign Ministry said it was not aware of the case. “In principle, China vehemently rejects any kind of cyberattacks and prosecutes them in accordance with the law,” said ministry spokeswoman Mao Ning.

The Chinese government's use of private contractors to hack on its behalf is inspired by the tactics of Iran and Russia, which have for years used non-governmental organizations to pursue commercial and official goals, according to the American newspaper.

Applications and governments in the crosshairs

The leak, published online, contains hundreds of files containing recordings of chats, presentations and lists of targets. Among the documents, AFP apparently found a list of government targets from Thailand and the United Kingdom, as well as screenshots of attempts to access individual Facebook accounts.

“As the leaked documents show, third parties play an important role in facilitating and executing many of China’s offensive operations in the cyber domain,” SentinelLabs analysts said.

In a screenshot from a messaging app, an employee appears to describe a request from a customer who wants exclusive access to the “Office of the Secretary of State, the Southeast Asia Office of the Foreign Office, the National Intelligence Office from the Prime Minister's Office” and other government departments in an unknown country.

Analysts who examined the files said the company offered potential customers the ability to access accounts on the social network X (formerly Twitter), monitor their activity and read private messages.

They also highlighted that the company had integrated technologies to hack into Outlook email accounts and retrieve information such as contact lists and location data from Apple's iPhone and the operating systems of other smartphone models, as well as an external battery that extracts data from a device and sends it to the hackers.

According to the same sources, the leak shows that ISoon participated in tenders in China's Xinjiang region. The government in Beijing is accused of detaining hundreds of thousands of Muslims in the region as part of a campaign against suspected extremists, which the US government classifies as genocide.

The leak also reveals the amounts paid to hackers, including the sum of US$55,000 (R$270,000) for an operation against a Vietnamese government ministry. The software that helped carry out disinformation campaigns and hack accounts on X cost US$100,000 (almost R$495,000). For US$278,000 (R$1.3 million), Chinese customers could get a treasure trove of personal information behind social media accounts on platforms such as Telegram and Facebook.

A cached version of the company's website shows that ISoon also runs an institute dedicated to “implementing the spirit of President Xi Jinping's important directives on cybersecurity development.” The FBI claims that China has the largest hacking program in the world, something Beijing denies.

The findings about the Chinese attacks tend to confirm the fears of policymakers in Washington, where officials have repeatedly issued dire warnings about these hackers. Last weekend, Christopher A. Wray, director of the Federal Bureau of Investigation (FBI), told the NYT in Munich that China's hacking operations are now “on a scale greater than what we have seen before” against the United States and classified them as the most important national security threats to the country. (With AFP and NYT)