- Leaked documents suggest a Chinese cyber security firm, i-Soon, claimed to have the capability to hack the UK’s Foreign Office.
- The data also revealed the presence of UK government agencies, think tanks, businesses, and charities.
- Chinese police and i-Soon are reportedly investigating the data dump.
Leaked documents suggest that a Chinese cyber security firm claimed it possessed the capability to hack the UK’s Foreign Office. Additionally, the leaked i-Soon data reveals the presence of UK government agencies, think tanks, businesses, and charities. Other documents indicate successful hacks of public bodies and businesses across Asia and Europe, although it remains unclear whether any were compromised.
The identity of the leaker remains unknown.
China’s UK embassy stated that it was unaware of the leak and emphasized that China “firmly opposes and combats all forms of cyberattacks under the law.”
However, according to the AP news agency, Chinese police and i-Soon are reportedly investigating the data dump.
The leak appears genuine:
i-Soon, a private company that offers cyber security services for China’s military, police, and security services, employs fewer than 25 staff at its Shanghai headquarters. The collection of 577 documents and chat logs was leaked on GitHub, an online developer platform, on 16 February.
Three security researchers told the BBC the leak appeared to be genuine.
The files expose eight years of i-Soon’s efforts to extract data and gain access to systems in the UK, France, and various locations in Asia, including Taiwan, Pakistan, Malaysia, and Singapore.
In one instance, a government organization in southwest China paid approximately $15,000 (£11,900) to access the Vietnamese traffic police’s website.
In another instance, software designed to run a disinformation campaign on X, formerly Twitter, was priced at $100,000 (£79,000).
‘Boss Lu’:
In an undated chat log between “Boss Lu” and another unnamed user, i-Soon prioritizes the UK Foreign Office as a target. The unnamed participant claims to have access to a software vulnerability within the Foreign Office. However, Boss Lu redirects the focus to another organization because a rival contractor has been awarded the work.
In another chat log, a user sends i-Soon a list of UK targets, including the British Treasury, Chatham House, and Amnesty International.
“We don’t have this to hand, but we can work on it,” says the recipient.
The pair then discuss prepayment from their client for the unspecified information on the targets. Other chat logs reveal that i-Soon staff discussed contracts involving Jens Stoltenberg, NATO’s secretary general.
Rare inside look:
John Hultquist, chief analyst at Mandiant Intelligence, suggests that the leaks potentially provide a rare inside look into a “commercially-fueled, high-stakes intelligence operation.”
He adds that the data demonstrates how the contractors serve “not only one agency but multiple agencies at once.”
Experts suggest that there could be various motives behind the data leak, including actions by a disgruntled former employee, a foreign intelligence agency, or a malicious leak by a competitor aimed at undermining i-Soon’s public credibility.
While extensive reporting has been done on China’s cyber espionage campaign, this leak sheds light on the unusual involvement of the private sector in such operations.
Dakota Carey, a non-resident fellow at the Atlantic Council’s Global China Hub, believes it is unlikely that the outcome of investigations by the Chinese authorities will ever be made public.
[embedpost slug=”chinese-tech-giants-quietly-pulling-back-on-business-with-russia/”]
