A series of documents made public on GitHub has unveiled the operations of I-Soon, a Chinese information security vendor, highlighting its provision of cyber-attack services to the Beijing government. Security firms SentinelOne and Malwarebytes have undertaken an analysis of these documents, suggesting that I-Soon has been actively competing for government hacking contracts, targeting both international and domestic entities.
Services and Targets
The examination of the leaked documents reveals that I-Soon has developed sophisticated tools designed to infiltrate devices operating on major platforms, including Linux, Windows, macOS, iOS, and Android. Specifically, their Android-targeted malware is reportedly capable of extracting comprehensive messaging histories from popular Chinese and international chat applications. Further disclosures indicate that I-Soon has executed successful cyber operations against several national government departments across India, Thailand, Vietnam, South Korea, and even penetrated a NATO system. Additionally, bids for projects in Xinjiang, under the guise of counter-terrorism measures, have surfaced, highlighting the extent of I-Soon's involvement in sensitive regions.
Techniques and Capabilities
Among the leaked documents, there are descriptions of various hardware hacking tools employed by I-Soon, such as a power bank designed to siphon data from connected devices discreetly. Discussions within the organization regarding the feasibility of acquiring exploits unearthed during the Tianfu Cup, a prestigious Chinese hacking contest, have also been revealed. A significant concern is the competitive industry that has emerged around fulfilling the cyber espionage demands of different Chinese government agencies, with documented evidence of a payment structure for successful breaches of high-profile targets, including the FBI.
This document leak serves as a striking revelation concerning the operations of I-Soon, bringing to light the firm's engagement in state-sponsored cyber activities. While the details provided do not necessarily disclose novel cyber capabilities, they offer a rare glimpse into the dynamics of how Beijing potentially outsources its cyber offensive initiatives. The narrative around this leak is still developing as more comprehensive translations of the documents become available, promising further insights into I-Soon's operational intricacies and the broader ecosystem of cyber mercenaries operating within China.
