China’s Hacking and Spying Revealed in Bombshell Leak


A trove of documents leaked by an anonymous source reveals Beijing’s wide-ranging hacking operations and its priorities in its push to shape the global information landscape.

The documents in the bombshell 190-megabyte leak on February 16 came from I-Soon (known as Auxun in Mandarin), a private security contractor with ties to China’s top spy agency. Detailed within are the firm’s surveillance of targets, both Chinese and foreign, government and private.

The documents show the scope of Beijing’s wide-ranging efforts to infiltrate foreign governments, firms and national infrastructure. FBI Director Christopher Wray warned last month of the Chinese government’s wholesale efforts to target “critical” American infrastructure and steal personal, corporate and research data.

The dump sheds light on I-Soon’s tools to spread propaganda, monitor activists living abroad and disrupt Wi-Fi networks.

This image was taken at the Kaspersky Transparency Summit in Zurich, Switzerland, on November 13, 2018, where experts and leaders of the global ICT industry gathered to discuss how to ensure trust in their products… (Adrian Bretscher/Getty Images for Kaspersky Lab)

“We see a lot of targeting of organizations that are related to ethnic minorities—Tibetans, Uyghurs. A lot of the targeting of foreign entities can be seen through the lens of domestic security priorities for the government,” Dakota Cary, a China analyst with the cybersecurity company SentinelOne, told the Associated Press.

Clients of I-Soon also requested or obtained intelligence on infrastructure. One spreadsheet showed the security contractor had 459 gigabytes worth of data on road maps in Taiwan, which China considers its territory and has pledged to eventually annex, The Washington Post reported.

The data trove was dumped on GitHub, an open-source platform for software developers, and found by a Taiwanese cyber threat intelligence analyst who couldn’t identify the source, according to former FBI cyber expert Adam Kozy.

“It could be a disgruntled employee of iS00N (I-Soon), or even one of the characters mentioned in the chats… but the things they’re saying align with other investigations on (Chinese) contractors like APT41,” Kozy told national security reporting platform SpyTalk.

While most of the entities outlined in the massive cache were in Asia, the U.K.’s Home and Foreign Offices and Treasury, as well as British think tanks like Chatham House, were also targeted.

Newsweek reached out to the Chinese embassy in Washington, D.C., with a written request for comment.

The revelation comes amid heightened concern in the U.S. and its allies over China’s sophisticated state-directed cyber operations.

In a court-approved operation, the FBI recently “disrupted a botnet of hundreds of U.S.-based small office/home office routers hijacked by People’s Republic of China (PRC) state-sponsored hackers,” the agency said in a statement released January 31.

“There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure—our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems—and the risk that poses to every American requires our attention now,” FBI Director Christopher Wray said that day during a hearing in the House of Representatives’ Select Committee on the Chinese Communist Party.

Wray warned these state-backed hackers are paving the way for China to “wreak havoc” on American infrastructure “when the time has come to strike.” They are also “actively attacking our economic security—engaging in wholesale theft of our innovation and our personal and corporate data,” he said.

In October, the intelligence chiefs of the Five Eyes intelligence alliance—the U.S., U.K., Canada, Australia and New Zealand—warned of the threat posed by China’s use of cutting-edge technology to carry out hacking and intellectual property theft on a grand scale.

“China firmly opposes and cracks down on all forms of cyber attack in accordance with the law,” Chinese Foreign Ministry spokesperson Mao Ning said at a press conference on Monday, in response to Wray’s remarks on the Chinese hacking threat. “Without valid evidence, the U.S. jumped to an unwarranted conclusion and made groundless accusations against China. It is extremely irresponsible and is a complete distortion of facts.”

Countering with an accusation of her own, Mao said Chinese cyber security agencies have uncovered “long-running cyber attacks against China’s critical infrastructure” by the U.S. government, without citing specific examples.