Data Breach Alert As Chinese Hackers Expose Massive Theft of Indian Immigration Records Equalling 100GB; How Chinese Government Utilize Companies Like iSoon For Espionage Purposes
A recent event has shed light on a significant breach in cybersecurity - Chinese hackers have successfully infiltrated foreign governments and entities, stealing a staggering 100 gigabytes of immigration data from India. Leaked documents expose the extent of cyber intrusions orchestrated by Beijing's intelligence and military apparatus, raising serious concerns about the scale and persistence of cyber threats from China. The recent exposure of iSoon's covert activities has revealed China's web of state-sponsored cyber espionage, sparking concerns over global cybersecurity. Operating under the guise of a legitimate enterprise, iSoon serves as a covert arm of Chinese government agencies, conducting surveillance on both foreign adversaries and domestic dissidents. The Chinese government's secret utilization of companies like iSoon for espionage purposes poses a significant threat to countries like India and others - by infiltrating foreign entities, China aims to gain strategic advantages, leading to potential security breaches and economic losses, not to forget diplomatic tensions.
Chinese hackers have managed to abscond with 100 gigabytes of immigration data from India, as revealed by leaked documents.
The cache of documents, originating from a Chinese state-linked hacking group, iSoon, has disclosed a series of widespread cyber intrusions orchestrated by Beijing’s intelligence and military arms against various foreign entities, including governments, corporations, and critical infrastructure.
As per The Washington Post’s report, this leaked compilation, comprising over 570 files, images, and chat logs, offers a rare glimpse into the activities of a company contracted by Chinese government bodies to conduct large-scale, targeted data collection missions.
Posted on GitHub recently, the files divulge contracts spanning eight years, all geared towards harvesting data from foreign sources. Among the targeted entities are at least 20 foreign governments and territories, notably India, Hong Kong, Thailand, South Korea, the United Kingdom, Taiwan, and Malaysia.
These leaked documents are credited to iSoon, also known as Auxun, a Shanghai-based firm specializing in third-party hacking and data acquisition services for governmental agencies, security organizations, and state-owned enterprises. The focus of this trove lies predominantly on the listed targets rather than data procured from Chinese hacking endeavours.
What Is At Stake
The leaked spreadsheet points towards successful breaches of 80 overseas targets, including the acquisition of 95.2 gigabytes of immigration data from India and a whopping 3 terabytes of call logs from South Korea’s LG U Plus telecom provider.
Infrastructure data was not spared either, with 459GB of critical road-mapping data from Taiwan being among the extracted information, crucial for military strategizing.
Although the majority of targets were located in Asia, iSoon’s operations extended globally, as evidenced by chat logs hinting at data related to NATO in 2022.
Additionally, the leak brings to light discussions about targeting British government offices, esteemed think tanks such as Chatham House, and diplomatic partners like Pakistan and Cambodia.
What Is iSoon
iSoon operates within an ecosystem of contractors entrenched in China’s “patriotic” hacking scene, which has been evolving over the past two decades, serving government entities like the Ministry of Public Security, the Ministry of State Security, and the Chinese military.
iSoon embodies the Chinese approach of intertwining state backing with profit motives, resulting in a sprawling network of entities competing to exploit vulnerabilities.
The leaked documents illuminate the intense competition prevalent within China’s national security data collection industry, where firms vie for lucrative government contracts by offering increasingly extensive access to sensitive information.
The ramifications of this unprecedented leak are far-reaching, raising concerns about the magnitude and persistence of cyber threats originating from China and their potential ramifications for global cybersecurity.
China’s Covert APT Scheme
iSoon, masquerading as a legitimate entity, has been enlisted by Chinese government agencies to conduct espionage on both foreign and domestic targets of political significance.
The company appears to function as a hack-for-hire service catering to various government bodies of the People’s Republic of China (PRC), including the Ministry of Public Security, Ministry of State Security, and the People’s Liberation Army (PLA).
Analysts have identified similarities between iSoon and several established Chinese Advanced Persistent Threats (APTs).
Adam Meyers, leading counter adversary operations at CrowdStrike, highlights the correlation between iSoon and Aquatic Panda, also known as Budworm, Charcoal Typhoo, ControlX, RedHotel, and BRONZE UNIVERSITY.
Among the vast collection of leaked documents, exceeding 500 in number, are promotional materials, instructional guides, client and employee rosters, WeChat conversations between clients and staff, and more.
Analysts are diligently scrutinizing and cross-referencing these materials, gradually unveiling the primary targets and objectives of China’s state-sponsored cyber activities.
iSoon’s targets have ranged from domestic entities such as pro-democracy groups in Hong Kong and ethnic minorities like the Uyghurs from Xinjiang province to government agencies in at least 14 countries, including Vietnam’s Ministry of Internal Affairs, Ministry of Economy, Government Statistics Office, and Traffic Control Police, alongside unconfirmed potential infiltration of organizations like the North Atlantic Treaty Organization (NATO).
Additionally, iSoon has targeted private enterprises across Asia, encompassing industries from gambling and airlines to telecommunications.
Dakota Cary, a consultant at SentinelOne and a nonresident fellow at the Atlantic Council’s Global China Hub, emphasizes the importance of not solely relying on past targeting patterns to predict future actions of such cyber entities, given their adaptability to changing market demands.
Leaked documents also divulge the diverse rates at which the Chinese government compensates iSoon for its services, ranging from $15,000 for access to Vietnam’s traffic police website to $55,000 for data from the Ministry of Economy.
Personal information extracted from social media accounts could fetch up to $278,000, underscoring the government’s targeting of individual dissenters.
The pricing structure reflects the maturity of the market, signaling a robust demand for hacking services. Cary notes the significance of these rates, particularly in contrast to prices in the vulnerability market.
While iSoon possesses an array of sophisticated malicious tools, including a Twitter infostealer and specialized hardware devices, most of its arsenal consists of well-known malware within the Chinese APT ecosystem, such as the Winnti backdoor and the PlugX remote access Trojan (RAT).
The Clandestine Chinese Web
The Chinese government’s engagement in espionage activities through companies like iSoon represents a calculated strategy aimed at furthering its geopolitical interests and gaining competitive advantages in various domains.
China can gather valuable intelligence, including military, economic, and political information by targeting and infiltrating foreign governments, companies, and infrastructure.
This clandestine approach allows China to obtain insights into its rivals’ strategies, capabilities, and vulnerabilities, thereby enhancing its own strategic positioning on the global stage.
One primary motivation behind China’s espionage efforts could be to boost its economic and technological competitiveness; by stealing intellectual property, trade secrets, and cutting-edge technologies from countries like India and others, China can accelerate its own development and innovation initiatives, reducing its dependence on foreign imports and advancing its economic dominance in key sectors.
Additionally, by monitoring the activities of foreign governments and influencing their decision-making processes, China likely pursues safeguarding its own national interests and expanding its sphere of influence.
The repercussions for countries being spied on, such as India and others, are multifaceted and significant.
Firstly, there are immediate security concerns, as sensitive government and military information may be compromised, potentially undermining national security and sovereignty.
Moreover, economic espionage can harm the competitiveness and innovation capabilities of targeted industries, leading to economic losses and undermining the affected country’s long-term growth prospects.
The Last Bit, The question is will the discovery of Chinese espionage prompt retaliatory measures from affected countries, including diplomatic protests, economic sanctions, or even cyber counterattacks?
Highly, unlikely!
Yet, the Chinese government’s use of companies like iSoon for espionage purposes represents a sophisticated and multifaceted threat to the security, prosperity, and sovereignty of targeted countries.
