Leak details global hacking campaign
A trove of leaked documents from a Chinese state-linked hacking group shows Beijing’s intelligence and military groups are carrying out large-scale, systematic cyber intrusions against foreign governments, companies and infrastructure – exploiting what the hackers claim are vulnerabilities in software by companies including Microsoft, Apple and Google.
The cache – containing more than 570 files, images and chat logs – offers an unprecedented look inside the operations of one of the firms that Chinese government agencies hire for on-demand, mass data-collecting operations.
The files – posted to GitHub last week and deemed credible by cybersecurity experts – detail contracts to extract foreign data over eight years and describe targets within at least 20 foreign governments and territories, including India, Hong Kong, Thailand, South Korea, the United Kingdom, Taiwan and Malaysia.
“We rarely get such unfettered access to the inner-workings of any intelligence operation,” said John Hultquist, chief analyst of Mandiant Intelligence, a cybersecurity firm owned by Google Cloud. “We have every reason to believe this is the authentic data of a contractor supporting global and domestic cyberespionage operations out of China.”
American intelligence officials see China as the greatest long-term threat to United States security and have raised alarm about its targeted hacking campaigns.
Experts are poring over the documents, which offer an unusual glimpse inside the intense competition of China’s national security data-gathering industry – where rival outfits jockey for lucrative government contracts by pledging comprehensive access to sensitive information deemed useful by Chinese police, military and intelligence agencies.
The documents come from iSoon, also known as Auxun, a Chinese firm headquartered in Shanghai that sells third-party hacking and data-gathering services to Chinese government bureaus, security groups and state-owned enterprises.
The trove does not include data extracted from Chinese hacking operations but lists targets and summaries of sample data amounts extracted and details on whether the hackers obtained full or partial control of foreign systems.
One spreadsheet listed 80 overseas targets that appeared to have been successfully breached. The haul included immigration data from India and call logs from South Korea’s LG U Plus telecom provider. The group targeted other telecommunications firms in Hong Kong, Kazakhstan, Malaysia, Mongolia, Nepal and Taiwan.
iSoon clients also requested or obtained infrastructure data. The spreadsheet showed that the firm had a sample of 459GB of road-mapping data from Taiwan.
Among other targets were 10 Thai government agencies, including its foreign ministry and senate. – Washington Post