In a stunning revelation, a series of documents linked to a cyberespionage outfit connected to the Chinese state has been uncovered, shedding light on Beijing’s extensive digital intrusion efforts against international entities. This discovery, made public through a GitHub post, comprises over 570 pieces of evidence, including files, visuals, and communication logs, providing a rare peek into the covert operations spearheaded by entities contracted by the Chinese government for data harvesting missions on a grand scale.

The documents, which cybersecurity professionals have authenticated despite the anonymity of the source, detail a comprehensive campaign to siphon data from foreign governments, corporations, and critical infrastructure, pinpointing vulnerabilities in the software products of tech behemoths like Microsoft, Apple, and Google. These findings underscore the sophisticated and expansive nature of China’s intelligence and military cyber operations, which are now laid bare in an unprecedented manner.

A Rare and Troubling Insight

John Hultquist of Mandiant Intelligence, a subsidiary of Google Cloud, emphasized the rarity of such an extensive insight into an intelligence operation, highlighting the significance of this leak as it pertains to understanding China’s cyberespionage capabilities. Said Hultquist:

“We rarely get such unfettered access to the inner workings of any intelligence operation. We have every reason to believe this is the authentic data of a contractor supporting global and domestic cyber espionage operations out of China.” 

This sentiment is echoed by US intelligence, which has long regarded China as a formidable cyber threat, particularly in light of its focused hacking campaigns against American interests.

It Originated From iSoon

The leaked cache originates from iSoon, also known as Anxun, a Shanghai-based firm engaged in third-party hacking and data collection for Chinese government agencies and state-owned entities. It does not contain data harvested from these cyber intrusions but rather outlines the scope, targets, and some outcomes of these operations. Among the disclosed targets are over 20 foreign governments and territories (including the UK, India, Taiwan, and Malaysia), revealing the extent and focus of China’s cyberespionage activities.

The documents reveal iSoon’s success in breaching 80 international targets, including significant data hauls like immigration records from India and telecom data from South Korea’s LG U Plus. This information not only underscores the strategic interests of Chinese intelligence but also the vulnerabilities exploited in global digital infrastructure.