Close Menu
TechBrunchTechBrunch
  • Home
  • AI
  • Apps
  • Crypto
  • Security
  • Startups
  • TechCrunch
  • Venture

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

Databricks, co-founder of Prperxity, pledges $100 million to a new fund for AI researchers

June 23, 2025

Apple's liquid glass interface improves with iOS 26 Beta 2 release

June 23, 2025

According to Canada, the carrier was breached by China-related spying hacking

June 23, 2025
Facebook X (Twitter) Instagram
TechBrunchTechBrunch
  • Home
  • AI

    OpenAI seeks to extend human lifespans with the help of longevity startups

    January 17, 2025

    Farewell to the $200 million woolly mammoth and TikTok

    January 17, 2025

    Nord Security founder launches Nexos.ai to help enterprises move AI projects from pilot to production

    January 17, 2025

    Data proves it remains difficult for startups to raise capital, even though VCs invested $75 billion in the fourth quarter

    January 16, 2025

    Apple suspends AI notification summaries for news after generating false alerts

    January 16, 2025
  • Apps

    Apple's liquid glass interface improves with iOS 26 Beta 2 release

    June 23, 2025

    Senators urge FTC to investigate Spotify's higher priced bundled subscriptions

    June 23, 2025

    SNAP gets Saturn, a social calendar app for high school and university students

    June 20, 2025

    The X app code refers to the physical card that comes to X money

    June 20, 2025

    Deezer begins labeling AI-generated music to tackle streaming scams

    June 20, 2025
  • Crypto

    Stablecoin Evangelist: Katie Haun's Battle of Digital Dollars

    June 22, 2025

    Hackers steal and destroy millions of Iran's biggest crypto exchanges

    June 18, 2025

    Unique, a new social media app

    June 17, 2025

    xNotify Polymarket as partner in the official forecast market

    June 6, 2025

    Circle IPOs are giving hope to more startups waiting to be published to more startups

    June 5, 2025
  • Security

    According to Canada, the carrier was breached by China-related spying hacking

    June 23, 2025

    US insurance giant AFLAC says customer personal data was stolen during a cyber attack

    June 23, 2025

    Iran's government says it will shut down the internet to protect against cyber attacks

    June 20, 2025

    According to web surveillance companies, the internet will collapse across Iran

    June 18, 2025

    Pro-Israel hacktivist group claims responsiveness to alleged Iranian bank hacks

    June 17, 2025
  • Startups

    7 days left: Founders and VCs save over $300 on all stage passes

    March 24, 2025

    AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

    March 24, 2025

    20 Hottest Open Source Startups of 2024

    March 22, 2025

    Andrill may build a weapons factory in the UK

    March 21, 2025

    Startup Weekly: Wiz bets paid off at M&A Rich Week

    March 21, 2025
  • TechCrunch

    OpenSea takes a long-term view with a focus on UX despite NFT sales remaining low

    February 8, 2024

    AI will save software companies' growth dreams

    February 8, 2024

    B2B and B2C are not about who buys, but how you sell

    February 5, 2024

    It's time for venture capital to break away from fast fashion

    February 3, 2024

    a16z's Chris Dixon believes it's time to focus on blockchain use cases rather than speculation

    February 2, 2024
  • Venture

    Databricks, co-founder of Prperxity, pledges $100 million to a new fund for AI researchers

    June 23, 2025

    Four months after valuation of $300 million, HarveyAI will increase to $5 billion

    June 23, 2025

    Destruction 2025 Builder's Stage Agenda is now alive and in shape

    June 23, 2025

    Want to know where the VC will invest next? See 2025 suspension

    June 23, 2025

    TC Last time to save all stage paths

    June 22, 2025
TechBrunchTechBrunch

Spyware leak reveals 'first of its kind' inside Chinese government hacking operation

TechBrunchBy TechBrunchFebruary 23, 20245 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Telegram Email


over the weekendsomeone posted a cache of files and documents that appeared to be stolen from Chinese government hacking contractor I-Soon.

The leak gave cybersecurity researchers and hostile governments an unprecedented opportunity to peer behind the scenes at a Chinese government hacking operation facilitated by private contractors.

Similar to the hack-and-leak operation that targeted Italian spyware maker Hacking Team in 2015, the I-Soon leak includes company documents and internal communications, and reveals that I-Soon has been linked to India, Kazakhstan, India, and Kazakhstan. , indicating that it is suspected of being involved in hacking of Indian companies and government agencies. Malaysia, Pakistan, Taiwan, Thailand etc.

The leaked files were posted to code-sharing site GitHub on Friday. Since then, observers of Chinese hacking activity have been eagerly viewing the files.

“This represents the most significant data breach involving a company suspected of providing cyber espionage and targeted intrusion services to Chinese security services,” said John, threat intelligence analyst at cybersecurity firm Recorded Future.・Mr. Condra stated.

For John Hultquist, chief analyst at Google's Mandiant, the breach is “small in scope, but deep-rooted.” “Rarely do we have such unfettered access to the inner workings of an intelligence operation.”

“This breach is the first to reveal the inner workings of a nation-state hacking contractor,” Dakota Carey, an analyst at cybersecurity firm Sentinel One, wrote in a blog post.

Mathieu Tartare, a malware researcher at ESET, also said the breach “could help link some of the breaches observed by threat intelligence analysts to I-Soon.”

One of the first people to investigate the breach was a threat intelligence researcher from Taiwan known as Azaka. On Sunday, Azaka posted a long thread on X (formerly Twitter) in which he analyzed some documents and files, which appear to date back to 2022. Researchers highlighted spy software developed by I-Soon for Windows, Mac, iPhone, and Android devices. It also includes hardware hacking devices designed to be used in real-world situations that can crack Wi-Fi passwords, track Wi-Fi devices, and jam Wi-Fi signals. will appear.

Lee Soon's "A WiFi Near Field Attack System is a device for hacking Wi-Fi networks that disguises itself as an external battery.

I-Soon's “WiFi Near Field Attack System” is a device that hacks Wi-Fi networks disguised as an external battery. (screenshot: Azaka)

“We researchers have finally confirmed that this is how things work over there, and that APT groups work pretty much like all of us regular workers ( “The scale is pretty large, and there's a lucrative market for compromising large government networks.” Azaka told TechCrunch. APT (Advanced Persistent Threat) is a hacking group that usually has government support.

According to researchers' analysis, the documents show that Yisun served in China's Ministry of Public Security, Ministry of State Security, and China's Army and Navy. I-Soon also markets and sells its services to local law enforcement agencies across China to target ethnic minorities such as Tibetans and Uyghurs, a Muslim community living in western China's Xinjiang Uighur Autonomous Region. did.

This document connects I-Soon and APT41. APT41 is a Chinese government hacking group that has reportedly been active since 2012 and targets organizations across a variety of industries in the healthcare, communications, technology, and video game industries around the world.

The IP addresses found in the I-Soon leak also hosted phishing sites that digital rights organization Citizen Lab saw used against Tibetans in a 2019 hacking campaign. At the time, Citizen Lab researchers named the hacker group “Poison Carp.”

Like Azaka and others, they also discovered chat logs between Yisun employees and management, in which employees talked about gambling, a popular Chinese tile-based game. Some of the content was very mundane, such as playing mahjong.

Carey highlighted documents and chats showing how much or how little Isun employees were paid.

inquiry

Do you know more about I-Soon and the Chinese government hack? Securely contact Lorenzo Franceschi-Bicchierai from your non-work device on Signal (+1 917 257 1382) or on Telegram, Keybase and Wire @lorenzofb or email You can contact me. You can also contact TechCrunch via SecureDrop.

“They are receiving $55,000.” [US] — $2,024 — that’s not a lot of money for a target like that to hack Vietnam’s Ministry of Economy,” Carey told TechCrunch. “It makes you think about how low-cost it is for China to conduct operations against high-value targets. And what does that say about the nature of the organization's security?”

What the leak shows, Carey said, is that researchers and cybersecurity companies need to carefully consider the potential future actions of mercenary hacker groups based on past activity. .

“This shows that a threat actor's previous targeting behavior, especially when they are Chinese government contractors, is not indicative of future targets,” Carey said. “So it's not helpful to look at this organization and think, 'Oh, they just hacked the healthcare industry, or they hacked X, Y, and Z industries, and they hacked these countries.' what is it responding to? [government] Requested by the agency. And those agencies may request something different. They may get deals with new bureaus and new locations. ”

The Chinese embassy in Washington, D.C., did not respond to a request for comment.

An email sent to I-Soon's support inbox went unanswered. Two anonymous I-Soon employees told The Associated Press that the company held a meeting on Wednesday and advised employees that the breach would not impact business and to “continue to operate as usual.” He said that he told him.

At this time, there is no information about who posted the leaked documents or files, and GitHub recently removed the leaked cache from its platform. However, several researchers agree that the accounts are more likely to come from disgruntled current or former employees.

“The people who put this leak together created a table of contents. And what the leak is about is employees complaining about low pay and the company's financial situation,” Cary said. “This leak is structured to embarrass the company.”





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

According to Canada, the carrier was breached by China-related spying hacking

June 23, 2025

US insurance giant AFLAC says customer personal data was stolen during a cyber attack

June 23, 2025

Iran's government says it will shut down the internet to protect against cyber attacks

June 20, 2025

According to web surveillance companies, the internet will collapse across Iran

June 18, 2025

Pro-Israel hacktivist group claims responsiveness to alleged Iranian bank hacks

June 17, 2025

Pro-Israel Hacktivist Group has allegedly blamed for alleged Iranian bank hacks

June 17, 2025

Leave A Reply Cancel Reply

Top Reviews
Editors Picks

7 days left: Founders and VCs save over $300 on all stage passes

March 24, 2025

AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

March 24, 2025

20 Hottest Open Source Startups of 2024

March 22, 2025

Andrill may build a weapons factory in the UK

March 21, 2025
About Us
About Us

Welcome to Tech Brunch, your go-to destination for cutting-edge insights, news, and analysis in the fields of Artificial Intelligence (AI), Cryptocurrency, Technology, and Startups. At Tech Brunch, we are passionate about exploring the latest trends, innovations, and developments shaping the future of these dynamic industries.

Our Picks

Databricks, co-founder of Prperxity, pledges $100 million to a new fund for AI researchers

June 23, 2025

Apple's liquid glass interface improves with iOS 26 Beta 2 release

June 23, 2025

According to Canada, the carrier was breached by China-related spying hacking

June 23, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

© 2025 TechBrunch. Designed by TechBrunch.
  • Home
  • About Tech Brunch
  • Advertise with Tech Brunch
  • Contact us
  • DMCA Notice
  • Privacy Policy
  • Terms of Use

Type above and press Enter to search. Press Esc to cancel.