Business Standard

Leaked files show secret world of China’s hackers for hire

- PAUL MOZUR, KEITH BRADSHER, JOHN LIU & AARON KROLIK ©2023 The New York Times News Service

The hackers offered a menu of services, at a variety of prices.

A local government in southwest China paid less than $15,000 for access to the private website of traffic police in Vietnam. Software that helped run disinformation campaigns and hack accounts on X cost $100,000. For $278,000 Chinese customers could get a trove of personal information behind social media accounts on platforms like Telegram and Facebook.

The offerings, detailed in leaked documents, were a portion of the hacking tools and data caches sold by a Chinese security firm called I-soon, one of the hundreds of enterprising companies that support China’s aggressive state-sponsored hacking efforts. The work is part of a campaign to break into the websites of foreign governments and telecommunications firms. The materials, which were posted to a public website last week, revealed an eight-year effort to target databases and tap communications in South Korea, Taiwan, Hong Kong, Malaysia, India and elsewhere in Asia. The files also showed a campaign to closely monitor the activities of ethnic minorities in China and online gambling firms.

Taken together, the files offered a rare look inside the secretive world of China’s state-backed hackers for hire. They illustrated how Chinese law enforcement and its premier spy agency, the Ministry of State Security, have reached beyond their own ranks to tap private-sector talent in a hacking campaign that US officials say has targeted American companies and government agencies. “We have every reason to believe this is the authentic data of a contractor supporting global and domestic cyberespionage operations out of China,” said John Hultquist, the chief analyst at Google’s Mandiant Intelligence.

Hultquist said the leak revealed that I-soon was working for a range of Chinese government entities that sponsor hacking, including the Ministry of State Security, the People’s Liberation Army and China’s national police. I-soon did not respond to emailed questions about the leak. Parts of China’s government still engage in sophisticated top-down hacks, like endeavouring to place code inside US infrastructure.

Among the information hacked was a large database of the road network in Taiwan, an island democracy that China has long claimed and threatened with invasion. Other information included internal email services or intranet access for multiple Southeast Asian government ministries, including Malaysia’s foreign and defense ministries and Thailand’s national intelligence agency.
