Unprecedented Data Leaks Expose Chinese Cyber Espionage Programs
Following an unprecedented data leak from a Beijing regime hacking service provider, the secrets of Chinese cyberespionage are revealed. The I-Soon company is said to have infiltrated dozens of strategic targets around the world. This is what you will discover here by reading this brief cyberculture. Unprecedented data leaks reveal China’s cyberespionage program.
Following an unprecedented data leak from a Beijing regime hacking service provider, the secrets of Chinese cyberespionage are revealed. Based on the analysis of this data, it appears that the I-Soon company has infiltrated dozens of strategic targets around the world. This is what you will discover here by reading this brief Cyberculture.
Stay informed with our posts dedicated to Cyberculture to track its evolution through our regularly updated topics.
Chinese cyber espionage I-Soon: A data leak reveals the secrets of their hackers
Chinese cyber espionage poses a serious threat to the security and stability of the world. Many countries and organizations face hackers who try to steal sensitive information, disrupt critical infrastructure, or influence political outcomes. One of the most active and sophisticated cyber espionage actors is China, which has a large and diverse hacking program. But how does China conduct its cyber operations? What methods, targets, and objectives does it have? And how can we protect ourselves from its attacks?
In this brief, we will explore these questions of Chinese cyber espionage, based on a recent data leak that revealed the inner workings of a Chinese cybersecurity vendor working for the Chinese government. The vendor, I-Soon, is a private contractor that operates as an advanced persistent threat (APT) for hire, serving the Chinese Ministry of Public Security (MPS). The leaked data, published on GitHub, contains hundreds of documents that document I-Soon’s Chinese cyber espionage activities, from staff complaints to hacking tools and services.
We will also look at some of the solutions that exist to counter the cyber espionage threat, both from a technical and a strategic perspective. We will focus on the solutions developed by Freemindtronic, an Andorran company that specializes in security and encryption technologies, based on the NFC HSM (Near Field Communication and Hardware Security Module) technology. We will also examine the means of counter espionage against the methods of I-Soon, which are varied and sophisticated.
I-Soon data leak reveals insight into Chinese cyber espionage hacking program
The I-Soon data leak is a significant revelation in Chinese cyber espionage, as it offers a rare glimpse into the inner workings of a major spyware and APT-for-hire provider. The leak exposes I-Soon’s methods, tools and goals, as well as the challenges and frustrations of its staff.
According to the leaked data, I-Soon infiltrated several government agencies, including those from India, Thailand, Vietnam, South Korea, and NATO. Some of the tools that I-Soon used are impressive. For example, they had a tool that could steal the user’s Twitter email and phone number, read personal messages, and publish tweets on the user’s behalf. They also had custom Remote Access Trojans (RATs) for Windows, iOS, and Android, that could perform various malicious actions, such as keylogging, file access logging, process management, and remote shell. They also had portable devices for attacking networks from the inside, and special equipment for operatives working abroad to establish safe communication.
The leak also reveals some of the challenges and difficulties that I-Soon faced, such as losing access to some of their data seized from government agencies, dealing with corrupt officials, and working in sensitive regions like Xinjiang. The leak also shows some of the internal complaints and grievances of I-Soon’s staff, such as low pay, poor management, and lack of recognition.
The leak is a treasure trove of intel for cybersecurity researchers and analysts, as it provides a rare insight into the day-to-day operations of China’s hacking program, which the FBI says is the biggest of any country. The leak also raises serious concerns for the security and sovereignty of the countries and organizations targeted by I-Soon, as it exposes the extent and the impact of China’s cyber espionage activities.
In summary, the I-Soon data leak exposed the secrets of Chinese cyber espionage, which poses a major challenge to world security and stability. Faced with this threat, it is necessary to strengthen cooperation and defense in cybersecurity, while respecting the principles of freedom and transparency on the internet. It is also important to understand China’s motivations and objectives, in order to find peaceful and lasting solutions.
Reactions and challenges to the Chinese cyber espionage threat
The revelation of the I-Soon data leak comes amid growing tensions between China and its rivals, notably the United States, which regularly accuses it of carrying out cyberattacks against their interests. China, for its part, denies any involvement and presents itself as a victim of cyberwar. Faced with this threat, the countries targeted by I-Soon are calling for strengthening their cooperation and defense in cybersecurity.
For example, the European Union adopted a legal framework in 2023 to impose sanctions on perpetrators of cyberattacks, including China. Likewise, NATO has recognized cyberspace as a domain of operation, and affirmed its willingness to retaliate in the event of an attack. Finally, democratic countries have launched initiatives to promote the values of freedom and transparency on the internet, such as the Partnership for an Open and Secure Cyberspace.
However, these efforts remain insufficient to confront the Chinese threat, which has considerable resources and sophisticated strategies. It is therefore necessary to develop a global and coordinated approach, which involves governments, businesses, organizations and citizens. This would involve strengthening the resilience of information systems, sharing information and good practices, raising users’ awareness of the risks and opportunities of cyberspace, and promoting constructive dialogue with China.
The solutions of Freemindtronic against the cyber espionage threat
Facing the cyber espionage threat, especially from China, requires effective and adapted solutions, both from a technical and a strategic perspective. One of the companies that offers such solutions is Freemindtronic, an Andorran company that develops security and encryption technologies, based on the NFC HSM (Near Field Communication and Hardware Security Module) technology. The NFC HSM technology allows to create hardware security modules on any type of device, that ensure the encryption and the signature of any data, without contact, without energy source, and without internet connection.
Freemindtronic offers several solutions against the cyber espionage DataShielder Defense NFC HSM: a solution for sovereign communications, that allows to encrypt and sign any data on any type of device, with an unmatched level of confidentiality and trust. DataShielder uses the EviCore HSM OpenPGP technology, which is interoperable, retrocompatible, and versatile. DataShielder allows to customize the security of secrets, and to meet various specific needs.
- PassCypher NFC HSM: a solution for the management and storage of passwords, that allows to create, store, and use complex and secure passwords, without having to remember or enter them. PassCypher uses the EviPass NFC HSM technology, as well as the NFC HSM devices of Freemindtronic, EviTag and EviCard. PassCypher offers a maximum security and a simplicity of use.
- PassCypher HSM PGP: a solution for the management and storage of PGP keys, that allows to create, store, and use PGP keys, certificates, and signatures, without having to remember or enter them. PassCypher uses the EviCore HSM OpenPGP technology, as well as a hybrid solution via a web extension. PassCypher works without server and without database, and stores the encrypted containers on any storage device, protected by a post-quantum AES-256 encryption.
These solutions of Freemindtronic allow to protect oneself from the cyber espionage threat, by encrypting and signing the data, by managing and storing the passwords and the keys, and by communicating in a confidential and sovereign way. They are based on the NFC HSM technology, which guarantees a hardware and software security, without contact, without energy source, and without internet connection.
The means of counter espionage against the methods of I-Soon
Against the methods of cyber espionage of I-Soon, which are varied and sophisticated, the countries and organizations targeted must implement effective and adapted means of counter espionage. These means can be of several types:
- Preventive: they consist of strengthening the security of the information systems, by using up-to-date software, antivirus, firewall, complex passwords, encryption protocols, etc. They also consist of training the users to good practices, such as not opening suspicious attachments or links, not disclosing confidential information, not using public or unsecured networks, etc.
- Defensive: they consist of detecting and blocking the intrusion attempts, by using tools of surveillance, analysis, tracing, filtering, neutralization, etc. They also consist of reacting quickly and limiting the damage, by isolating the compromised systems, backing up the data, alerting the competent authorities, communicating transparently, etc.
- Offensive: they consist of retaliating and deterring the attackers, by using tools of counter-attack, disinformation, sabotage, sanction, etc. They also consist of cooperating with the allies and partners, by sharing the information, the evidence, the strategies, the resources, etc.
These means of counter espionage must be adapted to the specificities of the methods of I-Soon, which are varied and sophisticated. For example, to face the security flaws, it is necessary to use trustworthy software, verify their integrity, and update them regularly. To face the malware, it is necessary to use efficient antivirus, scan the systems regularly, and clean them in case of infection. To face the social engineering techniques, it is necessary to raise the awareness of the users, verify the identity and the credibility of the interlocutors, and not let oneself be influenced or corrupted.
Chinese cyberespionage statistics
The I-Soon data leak constitutes unprecedented testimony to the scale and impact of Chinese cyberespionage, which is based on close collaboration between the authorities and the private sector. Here are some statistics that illustrate the phenomenon:
China spent at least US$6.6 billion on cyber censorship in 2020, according to the Jamestown Foundation.
According to official sources, at least 2 million people were working for China’s cyberespionage system in 2013, a number that has almost certainly increased over the past eight years.
GreatFire, a censorship monitoring organization in China, estimates that 16% of the world’s 1,000 most visited websites are currently blocked in China.
In 2022, ANSSI handled 19 cyber defense operations and major incidents, compared to 17 in 2021. Nine of them were intrusions attributed to Chinese actors.
In conclusion, the means of counter espionage against the methods of I-Soon are essential to protect the interests and the sovereignty of the countries and organizations targeted. They must be implemented in a coordinated and proportionate way, respecting the principles of legality and legitimacy.