Janice R. Andrews
Chinese authorities are presently looking into a massive data leak that was linked to a private security contractor who may have been involved with state security in China. The data dump, which came from the contractor I-Soon and was shared on Github.com, provides an unprecedented look at the inner workings of a large-scale, global cyber espionage operation.
Another troubling chapter in Github’s history of criminality is represented by this occurrence. It was revealed earlier this year that malevolent actors were using Github’s file-sharing capabilities to swindle users to phishing websites by inserting malware payloads within of the platform’s authentic traffic.
Leaked documents reveal I-Soon’s hacking activities and tools, as well as its targets, which include universities, at least fourteen international government agencies, and most importantly, agencies in Hong Kong. Although the veracity of the leaked data has not yet been verified, the information that has been made public is consistent with threat vectors that have been previously identified as coming from China.
Founded in 2010, I-Soon, formerly known as Shanghai Anxun Information Company, has several locations throughout China. Many of the cybersecurity services featured on its now-downloaded website were included in the 190 megabyte breach. The Ministry of Public Security, public security departments, and regional security bureaus in China were among the clients listed.
Documents, screenshots, and private chat discussions are among the several types of leaked data that include commonplace information like gambling habits and employee grievances. Interestingly, the use of AI translation has made the data more accessible and allowed experts outside of specialized circles to evaluate it more quickly. Rapid OCR decoding and translation of document images was made possible by tools like ChatGPT Vision, which greatly accelerated analysis.
Thousands of WeChat chats and promotional materials were uploaded to Github servers starting in mid-February. Among the materials were sales presentations that exalted the company’s hacking abilities and previous exploits, specifically mentioning targets connected to terrorism in Pakistan and Afghanistan and purportedly documenting fees received for hacking assignments.
The leakers’ identities and motivations are still unknown, although rumors have it that a Taiwanese analyst found the stockpile on Github and disseminated it on social media. An ongoing internal investigation was disclosed by an unnamed I-Soon employee, who advised staff to carry on with business as normal during the investigation.
This leak, while devoid of dramatic disclosures, offers a unique window into the inner workings of the world of international espionage, presenting office politics as more of a reality than the glamorous world of James Bond.
