The documents posted on GitHub on Feb. 16 included product manuals, marketing materials, employee lists, chat records, financial information and details about foreign intrusion. A Feb. 21 report by the Associated Press said two employees of the cybersecurity vendor I-Soon have corroborated the documents' authenticity.
The trove includes a list of contracts signed by I-Soon between July 2016 and June 2021 showing that the majority of its clients are China's regional security agencies. According to NTD News, this adds to I-Soon's proud promotion of the Chinese Ministry of Public Security as one of its partners.
Aside from the contracts, a list of victims is also included in the leaked trove – proving that I-Soon has targeted telecommunications companies, hospitals, universities, organizations and government entities from numerous nations. These countries include France, Egypt, India, Indonesia, Kazakhstan, Malaysia, Mongolia, Nepal, South Korea, Taiwan, Thailand, the Philippines and Vietnam.
One document even disclosed that I-Soon charged more money for hacking into Vietnam's Ministry of Industry and Trade than for hacking into two other Vietnamese government ministries. Moreover, other internal documents made mention of databases of hacked information reportedly gathered from foreign networks worldwide that are advertised and sold to Chinese law enforcement.
We are building the infrastructure of human freedom and empowering people to be informed, healthy and aware. Explore our decentralized, peer-to-peer, uncensorable Brighteon.io free speech platform here. Learn about our free, downloadable generative AI tools at Brighteon.AI. Every purchase at HealthRangerStore.com helps fund our efforts to build and share more tools for empowering humanity with knowledge and abundance.
"The I-Soon incident should once again remind everyone that network security is national security," said tech expert Chiang Ya-chi, president of the Taiwan Law and Technology Association. "There is a war without gunpowder, and it is happening in cyberspace."
According to Chiang, the leaked documents show that the Chinese Communist Party (CCP) is financing I-Soon. In exchange, Beijing makes use of tools made by I-Soon and other corporations to invade foreign governments and entities. (Related: More sophisticated Chinese cyberattacks target US firms, government agencies, defense contractors.)
Per Chinese government records, I-Soon was established in Shanghai in 2010. It has branches in three other cities, including in the southwestern city of Chengdu. Leaked slides have disclosed that the Chengdu branch is responsible for hacking, research and development.
The company's website was fully offline in the wake of the leak. An I-Soon representative declined an interview request and said the company would release an official statement at an undetermined future date.
Chinese law enforcement appear to be using I-Soon's tools to control dissent on overseas social media and inundate opponents with pro-Beijing content. While Beijing possesses instant censorship and overarching surveillance domestically, it lacks that capability on overseas sites.
Since the recent online dump, several researchers and experts have issued their analysis of the documents written in simple Chinese.
According to Mareike Ohlberg, a senior fellow in the Asia Program of the German Marshall Fund, control of critical posts domestically is crucial to handle public opinion and prevent anti-government sentiment. "Chinese authorities have a big interest in tracking down users who are based in China," she commented.
John Hultquist, chief threat analyst of Google's Mandiant cybersecurity division, said the leaked documents from I-Soon also suggest that the Chinese Ministry of State Security and the People's Liberation Army are included in the company's sponsor list. However, he noted that the source of the leak could be "a rival intelligence service, a dissatisfied insider, or even a rival contractor."
Dakota Cary, a China analyst with the California-based cybersecurity firm SentinelOne, meanwhile pointed out that the documents seem legitimate. This, he explained, is because they align what would be anticipated from a contractor hacking on behalf of China's security apparatus with domestic political priorities.
"We see a lot of targeting of organizations that are related to ethnic minorities – Tibetans, Uyghurs. A lot of the targeting of foreign entities can be seen through the lens of domestic security priorities for the government," added Cary.
Follow CyberWar.news for more news about Beijing-backed hackers attacking America.
Watch Tiffany Meier put in her two cents on the leaked document revealing China's state-backed hacking efforts.
This video is from the Pool Pharmacy channel on Brighteon.com.
Pentagon report warns of China's cyber preparations for war following hacking of U.S. military bases.
Sources include: