A Chinese state-linked hacking group, known as iSoon or Auxun, has been exposed by a massive leak of documents that reveal its targets, methods, and tools. The documents, which were posted online last week, show that the group has been hacking foreign governments, companies, and infrastructure for at least eight years, exploiting vulnerabilities in U.S. software from Microsoft, Apple, and Google.
iSoon is a Shanghai-based company that sells third-party hacking and data-gathering services to Chinese government bureaus, security groups, and state-owned enterprises. The company has ties to the Ministry of Public Security, which is the main law enforcement and intelligence agency in China. The company also has branches in Chengdu, Beijing, and Hong Kong.
The company’s website, which has been taken down since the leak, claimed that it offered “information security solutions” and “big data analysis” to its clients. The company’s slogan was “Connecting the world, serving the country”.
The company’s employees, who used aliases such as “Jack”, “Tom”, and “Jerry”, communicated with each other and their clients through encrypted chat apps, such as Telegram and Signal. The company also used code names for its projects, such as “Red Fox”, “Blue Whale”, and “Green Dragon”.
The leak: A rare glimpse into Chinese hacking activities
The leak of documents from iSoon, first reported by The Washington Post, consists of more than 570 files, images, and chat logs dating from 2016 to 2021. The documents were uploaded to GitHub, a platform for sharing code, by an unknown source. Cybersecurity experts have verified the documents as authentic and suspect that the leak came from either a disgruntled employee or a rival hacking group.
The documents provide a rare glimpse into Chinese hacking activities, which are usually shrouded in secrecy and deniability. They include iSoon’s contracts, marketing presentations, product manuals, and client and employee lists, as well as the targets, tools, and techniques of its hacking operations.
The documents show that iSoon has hacked targets across at least 20 foreign governments and territories, including India, Hong Kong, Thailand, South Korea, the United Kingdom, Taiwan, and Malaysia. The targets include telecom providers, immigration agencies, airlines, banks, universities, media outlets, and political figures. The documents also show that iSoon has collected terabytes of data from its targets, such as call logs, emails, passwords, photos, and documents.
The documents also show that iSoon has used a variety of tools and methods against its targets, including phishing emails, malware, spyware, and zero-day exploits. According to the documents, iSoon has exploited vulnerabilities in U.S. software from Microsoft, Apple, and Google, including Windows, iOS, Android, Office, and Chrome, and has developed and sold devices disguised as power strips and batteries that can be used to compromise Wi-Fi networks.
The implications: A threat to global security and privacy
The leak of documents from iSoon has raised serious concerns about the threat that Chinese hacking activities pose to global security and privacy. It has also highlighted the role and responsibility of U.S. software companies in protecting their products and users from cyberattacks.
The leak shows that the Chinese hacking group has targeted not only China’s political and economic rivals, but also human rights activists and dissidents in China and abroad. It also shows that the group has gathered sensitive and personal information from its targets, which could be used for blackmail, espionage, or influence operations.
The leak further shows that the Chinese hacking group has exploited vulnerabilities in U.S. software that is used by millions of people and organizations around the world, and that the U.S. software companies have failed to detect and fix the vulnerabilities in their products, or to notify and assist users affected by the cyberattacks.
Finally, the leak shows that the Chinese hacking group has operated with impunity and without accountability, supported and protected by the Chinese government, and that the Chinese government has used private contractors such as iSoon to carry out its hacking activities, which gives it plausible deniability and helps it avoid international sanctions.