TLDR:
Leaked documents from Chinese security company I-Soon shed light on China’s commercial cyber espionage industry, providing valuable insight for cyber threat intelligence researchers. The legitimacy of the leaked documents and source remains unknown, but analysts believe they are authentic. The leak revealed I-Soon’s involvement in cyber espionage operations targeting various countries and sectors, including government entities, telecommunications firms, and academic sectors. If legitimate, the leak represents a milestone in open source cyber threat intelligence and offers valuable knowledge to the cyber threat intelligence community.
Article:
Leaked documents originating from Chinese security company I-Soon have provided valuable insights into China’s commercial cyber espionage industry, offering unprecedented opportunities for cyber threat intelligence (CTI) researchers. The leaked data, uploaded to GitHub, included screenshots and documents from I-Soon employees, revealing details about the maturing nature of China’s cyber espionage ecosystem.
Despite the confirmation from many CTI analysts regarding the credibility of the leaked data, the legitimacy of the documents and the source remains unknown. However, analysts believe that the level of detail, leaked chat logs, and corroboration from indicators of compromise (IOCs) suggest that the data is genuine.
The leaked documents included over 570 files, representing approximately 170MGB of data in various formats. They offered insights into I-Soon’s cyber espionage tools, business practices, and targets, including government entities, telecommunications firms, and academic sectors in various regions. The leak also indicated I-Soon’s involvement in nation-state operations and ties with Chinese threat groups.
If the leaked data is legitimate, it signifies a significant development in cyber threat intelligence related to China, offering valuable knowledge to the CTI community. It highlights the outsourcing of intelligence gathering by Chinese government agencies, confirms relationships between APT groups and the private sector in China, and provides an opportunity to reevaluate past attribution efforts in the Chinese threat landscape.
The I-Soon leak has revolutionized the understanding of the Chinese Ministry of Public Security’s cyber operations in the open source intelligence (OSINT) community, marking a milestone in open source cyber threat intelligence related to China.