Collection of leaked documents shows Chinese hacking scheme focused on harassing dissidents: NPR

Sven Loeffler/Getty Images/iStockPhoto

Sven Loeffler/Getty Images/iStockPhoto

A large collection of more than 500 sensitive technical documents has been published Connected Anonymous details last week of hacking operations by a Chinese technology company and lists of targets and marketing materials for the Chinese government.

The majority of operations appear to focus on monitoring and harassing dissidents who publicly criticize the Chinese government, including on global social media platforms such as X, formerly known as Twitter.

The target lists reveal casualties from at least 14 governments from Pakistan to Australia, as well as academic institutions and pro-democracy organizations in places like Hong Kong, as well as the NATO military alliance. The company was also seeking to work on surveillance of the Uyghur minority in Xinxiang, a broader Chinese government program that has been strongly criticized by major global human rights organizations around the world. There are even images of specialized devices used for spying, such as a recording device disguised as a power bank.

Cybersecurity researchers are still investigating the various components of the leak, which was shared on an open source development site popular with programmers, called GitHub. However, experts from major US cybersecurity companies including Google's Mandiant and… Sentinel Laboratories They shared preliminary analysis of the contents of the leak, believing the documents to be authentic.

“We have every reason to believe this is the real data of a contractor supporting global and domestic cyber espionage operations out of China,” said John Hultquist, senior analyst at Mandiant Intelligence, part of Google Cloud. “This leak is narrow, but deep. Rarely do we get such unrestricted access to the inner workings of any intelligence operation. We are working hard to learn as much as we can and put it to good use.”

See also  Ukraine calls on the world to show strength after bombing near nuclear plant

The state-owned company, called i-Soon, is known to be one of several contractors and subcontractors vying for opportunities to carry out hacking and surveillance operations for various Chinese government agencies. The company is currently facing a lawsuit from another Chinese contractor called Chengdu 404, a company that the US government has publicly linked In court documents State hacking operations. It appears that i-Soon may have subcontracted to Chengdu 404.

In previous public materials, i-Soon has cited relationships with China's Ministry of Public Security, Ministry of State Security, and People's Liberation Army, among others. The company is publicly known for offering cybersecurity training courses across the country from its base in Shanghai.

But beyond what is publicly known, the details in the leak give inside insights into how the increasingly competitive market for hacking inside China operates. It is unclear whether all the claims in the marketing materials included in the leak are true, such as the ability to break into devices manufactured by major American companies such as Apple and Microsoft. However, it is clear that the company is investing heavily in automating the ability to constantly monitor platforms like X and Facebook. These platforms, unlike the popular WeChat app, are not controlled by the Chinese government, making them very popular with dissidents.

There are also details in the leak regarding internal payrolls and other bureaucratic details of contracts with the Chinese government. There is a note, or “ReadMe” document, embedded on the GitHub page where the leak is hosted, in which the alleged source of the leak claims to be unhappy with the company's policies. This may indicate that the source is a disgruntled employee, although it is also possible that the leak is the result of an intelligence operation or the work of a competitor.

Although the contents of the leak are not entirely surprising, they are particularly useful to specialists and researchers, who continue to review the contents. In particular, individual documents can help researchers validate their assumptions about who is responsible for previously discovered violations.