
Digital safety starts here for both commercial and personal use...

Defend Your Business Against the Latest WNY Cyber Threats. We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Unmasking I-Soon | The Leak That Revealed China's Cyber Operations

Summary:
The leak from I-Soon, a company contracting for various Chinese government agencies including the Ministry of Public Security, Ministry of State Security, and People’s Liberation Army, occurred over the weekend of February 16th. The source of the leak and motives behind it remain unknown, but it offers unprecedented insight into the operations of a state-affiliated hacking contractor. While the authenticity of the documents is still being verified, they confirm existing threat intelligence and illustrate the competitive landscape of China’s cyber espionage ecosystem, driven by government targeting requirements.

I-Soon, whose employees express dissatisfaction with low pay and engage in office gambling, is implicated in compromising at least 14 governments, pro-democracy organizations in Hong Kong, universities, and NATO. The leaked documents align with prior threat intelligence on several known threat groups. Notably, the leak reveals the company's pursuit of low-value hacking contracts from numerous government agencies, challenging assumptions about the predictability of future targets based on historical data.

The leaked data, rapidly disseminated through machine translation tools, has enabled a broader range of analysts to examine and extract findings. While geographically-specialized analysis remains valuable, the barrier to entry for interpreting such data has significantly decreased.

Security Officer Comments:
Initial observations indicate that the leaked documents include marketing materials, technical documents showcasing the company's offensive capabilities, and internal communications. The company boasts about past counterterrorism work in Xinjiang and lists other terrorism-related targets it has hacked. Technical documentation displays custom hardware surveillance devices and offensive toolkits, confirming the company's focus on hacking-for-hire and offensive operations.

The leaked information provides indicators of suspected Chinese cyberespionage activities previously observed by the threat intelligence community. The relationships between these indicators and past intrusions are still under evaluation. Some leaked documents detail the fees earned by hacking specific organizations, highlighting the financial incentives driving such operations. Employees express frustration over pay and a desire to seek employment elsewhere.

Suggested Corrections:
Overall, the leak raises important questions for the cybersecurity community and underscores the evolving nature of state-affiliated cyber operations in China.

Link(s):
https://www.sentinelone.com/labs/unmasking-i-soon-the-leak-that-revealed-chinas-cyber-operations/