Cybersecurity Concerns: Chinese Tech Company Allegedly Asserts
Leaked documents have surfaced, suggesting that a Chinese cybersecurity firm, i-Soon, asserted its capability to hack the UK’s Foreign Office. The revelation comes from a collection of 577 documents and chat logs leaked on GitHub, an online developer platform, on February 16. While the leaker’s identity remains unknown, the leaked data offers insights into i-Soon’s activities over eight years, detailing attempts to access systems in the UK, France, and several Asian locations, including Taiwan, Pakistan, Malaysia, and Singapore.
The leaked documents reveal successful hacks targeting public bodies and businesses across Asia and Europe, though the extent of compromise is yet to be determined. I-Soon is among the many private companies providing cybersecurity services to China’s military, police, and security services, operating with a staff of fewer than 25 at its Shanghai headquarters.
The leaked data includes chat logs indicating that the UK Foreign Office was a priority target for i-Soon. In an undated chat log between an individual identified as “Boss Lu” and another participant, access to a Foreign Office software vulnerability was discussed. However, Boss Lu diverted focus to another organization due to a rival contractor securing the work. Another chat log reveals a user sending a list of UK targets to i-Soon, including the British Treasury, Chatham House, and Amnesty International. Discussions about prepayment for unspecified information on these targets ensued.
The leak potentially provides a rare glimpse into a “commercially-fueled, high-stakes intelligence operation,” according to John Hultquist, chief analyst at Mandiant Intelligence. The leaked data underscores how contractors like i-Soon serve multiple agencies simultaneously, forming a critical part of China’s cyber espionage landscape.
Various motives could be behind the leak, ranging from a disgruntled former employee to the involvement of a foreign intelligence agency or a malicious competitor aiming to undermine i-Soon’s credibility. Chinese authorities, along with i-Soon, are reportedly investigating the data dump, though the outcome of these investigations may not be publicly disclosed.
This leak sheds light on the intricate workings of China’s cyber espionage campaigns, emphasizing the unusual role played by the private sector in these operations. As investigations unfold, the cybersecurity landscape and the dynamics of public-private partnerships in cyber espionage may face increased scrutiny.
Comment Template