In a startling revelation, a trove of documents has surfaced on GitHub, allegedly exposing the covert cyber operations of a Chinese information security (infosec) company, I-Soon. These leaked documents detail the development and utilization of sophisticated spyware targeting social media platforms, telecommunications companies, and various organizations worldwide. While Taiwanese threat intelligence researcher Azaka Sekai claims these documents provide a rare glimpse into China’s state-sponsored cyber activities, their authenticity remains unverified as of the writing of this article.
The leaked information suggests a wide-ranging espionage campaign orchestrated by unknown entities, with suspicions pointing towards involvement by the Chinese government. The alleged spyware, developed by I-Soon, a company described as closely associated with the Chinese government, is purportedly capable of infiltrating Android and iOS devices, enabling attackers to access a wide range of sensitive information, including hardware details, GPS data, contacts, media files, and even real-time audio recordings.
Azaka Sekai’s analysis of the Mandarin-written documents delves into the intricate workings of these cyber operations. Specific features of the offensive software are highlighted, including the ability to acquire a user’s Twitter email and phone number, real-time monitoring, tweeting on their behalf, and reading direct messages. Such capabilities raise serious concerns about the privacy and security of individuals targeted by this spyware.
The leaked documentation also sheds light on various gadgets allegedly employed by attackers. One noteworthy device is described as a WiFi-capable gadget disguised as a portable battery from a well-known Chinese manufacturer. According to the documents, this device can compromise targeted Android phones over WiFi, providing a covert means of cyber intrusion without physical access to the handset.
Azaka Sekai’s analysis further exposes products designed for spying on individuals using popular Chinese social media platforms like Weibo, Baidu, and WeChat. This revelation suggests a comprehensive approach to espionage, encompassing both international and domestic targets.
Notably, the leaked documents contain sensitive information from multiple telecommunications providers, including details from Beeline and Tele2 operating in Kazakhstan. Moreover, the spyware allegedly targets significant entities such as Sciences Po in France, the Indian private hospital network Apollo Hospitals, and government organizations in countries neighboring China.
Perhaps one of the most surprising aspects of the leaked documents is the revelation of the earnings of those involved in developing the spyware and company employees. Excluding C-level executives, the average salary for these individuals is reported to be a mere 7,600 RMB after tax, equivalent to approximately 1,000 USD. This paltry compensation has raised eyebrows among researchers and the cybersecurity community, considering the gravity of the alleged activities these individuals are involved in.
The unconfirmed leak has prompted concerns about the potential global implications of China’s cyber operations. If the documents prove to be authentic, they expose a highly sophisticated and widespread espionage infrastructure with the alleged involvement of a state-sponsored Chinese company. The revelations also highlight the urgent need for international cooperation in addressing cyber threats and holding accountable those responsible for such activities.
Efforts to verify the authenticity of the leaked documents are ongoing, and scrutiny from cybersecurity experts, government agencies, and the affected companies is crucial in determining the accuracy of the claims. The gravity of the situation underscores the necessity for robust cybersecurity measures at both the individual and organizational levels.
In the absence of official confirmation, the cybersecurity community must remain vigilant, continuing to investigate and analyze the alleged leak to better understand the extent of the threat posed by I-Soon’s spyware. Regardless of the outcome, this incident serves as a stark reminder of the evolving landscape of cyber threats and the imperative for nations to collaborate in fortifying their defenses against state-sponsored cyber espionage.