February 22, 2024 at 04:44PM
Leaked documents expose collaboration between the Chinese government and the private sector firm iSoon in conducting cyber espionage on foreign entities, domestic dissidents, and ethnic minorities. The company’s operations, target list, rates charged, and use of known malware have been revealed. The documents also shed light on internal dynamics and the cyber espionage market’s maturity.
Key takeaways:
1. Anxun Information Technology (iSoon), a Shanghai-based company known for providing cybersecurity training, is revealed to be a hack-for-hire operation working with Chinese government agencies, including the Ministry of Public Security, the Ministry of State Security, and the People’s Liberation Army (PLA).
2. The leaked documents include marketing materials, product manuals, lists of clients and employees, WeChat instant messages, and other materials, providing insights into the Chinese state’s primary targets and goals in cyberspace.
3. iSoon’s targets have included domestic ones, such as pro-democracy organizations in Hong Kong and members of ethnic minorities, as well as agencies of at least 14 governments.
4. The leaked documents also reveal the varying rates at which the Chinese government pays iSoon for access to its victims, highlighting the maturity of the market and the specific prices for different types of data.
5. iSoon uses a range of malicious tools and known malware from the Chinese APT ecosystem. The documents also disclose some behind-the-scenes shenanigans, such as employee complaints about low pay and office gambling.
6. The key lesson highlighted is the importance of organizations elevating their cybersecurity posture and not underestimating the potential value of their data to cyber attackers, given the relatively low cost of targeting government ministries.