Last Updated on 2024/02/22
Chinese police are currently probing an extraordinary online leak of documents from a private security firm, I-Soon (Anxun in Mandarin), which is associated with China’s premier law enforcement body, the Ministry of Public Security, and other government sectors. This leak, revealing extensive surveillance and hacking operations, underscores the depth of state surveillance in China, targeting ethnic minorities, dissidents, and foreign entities.
The leaked documents include a wealth of information, such as contracts, marketing materials, and lists of clients and employees, shedding light on the sophisticated methods employed by Chinese authorities to monitor dissenting voices abroad, infiltrate networks in other countries, and manipulate social media narratives in favor of Beijing. This not only covers regions within China known for anti-government protests, like Hong Kong and Xinjiang, but also extends to Central and Southeast Asia, Taiwan, and users of international social media platforms.
I-Soon’s alleged hacking endeavors span various nations, aiming to unmask the identities of social media users outside China, access private emails, and conceal the digital footprints of Chinese operatives abroad. The firm is also reported to have developed gadgets, disguised as everyday objects, that could compromise foreign Wi-Fi networks.
The origin of the leak remains unknown, and the Chinese Foreign Ministry has yet to comment on the matter. Jon Condra of Recorded Future highlights the leak’s significance, pointing out that I-Soon’s targets, as per the leaked data, encompass government bodies, telecommunication companies overseas, and domestic online gambling entities. Previously, I-Soon boasted connections with the Ministry of Public Security and numerous local security departments on its website, which has since gone offline.
Founded in 2010 and headquartered in Shanghai, I-Soon has multiple branches, including one in Chengdu dedicated to hacking, research, and development. The leak presents I-Soon’s technology as pivotal for Chinese police efforts to monitor and control dissent on foreign social media platforms, where censorship and direct surveillance are not as straightforward as on domestic platforms.
Speculations about the leak’s source include possibilities of an internal whistleblower, a competing firm, or foreign intelligence. The leaked documents also indicate I-Soon’s involvement with other high-profile Chinese institutions, including the Ministry of State Security and the People’s Liberation Army.
The leaked information is categorized into several sections, including grievances against the company, conversation logs, financial records, product details, employee data, and instances of international espionage. Notably, the data implicates I-Soon in operations against government entities in countries such as India, Thailand, Vietnam, and South Korea, and even against NATO.
Among the disclosed arsenal of tools, several stand out for their sophistication and potential implications:
- A Twitter (now X) stealer capable of extracting a user’s email and phone number, monitoring activities in real time, accessing personal messages, and posting tweets on behalf of the user.
- Custom Remote Access Trojans (RATs) designed for Windows x64 and x86 platforms, offering functionalities such as management of processes, services, and the registry; remote shell access; keylogging; file access monitoring; acquisition of system information; remote disconnection; and self-uninstallation.
- An iOS version of the RAT that purportedly works on all iOS devices without requiring a jailbreak, featuring access to hardware information, GPS data, contacts, media files, and even real-time audio recording. This information dates back to 2020.
- An Android version that claims the ability to extract messages from popular Chinese and international messaging apps such as QQ, WeChat, Telegram, and MoMo, alongside the ability to elevate itself to a system app so that it persists against internal recovery attempts.
- Portable devices designed for internal network attacks, and special equipment for operatives to establish secure communications while abroad.
- A user lookup database containing personal details such as phone numbers, names, and emails, which can be linked with social media profiles.
- Targeted automatic penetration testing frameworks designed to simulate cyber-attack scenarios.
The disclosure of I-Soon’s operations provides a rare glimpse into the mechanisms of China’s digital espionage and surveillance apparatus, emphasizing the global reach and political motivations behind its cyber activities. The leaked documents reveal the firm’s engagements in cyber espionage, including attempts to track ethnic minorities abroad and infiltrate government networks across several countries, highlighting the vast scope and strategic interests of China’s cyber operations.
Source: AP news