In a bombshell revelation, an anonymous source has leaked a trove of confidential documents showing the extraordinary global reach of a Chinese cyber contractor’s hacking operations. The 190-megabyte data dump, which hit the internet on February 16th, comes from I-Soon (known as Auxun in Mandarin), a private security firm with close ties to China’s top intelligence agency. The leaked files lay bare I-Soon’s invasive surveillance activities targeting governments, companies, infrastructure and activists around the world.
The documents shine a light on the scale and priorities of Beijing’s aggressive push to collect data and intelligence from foreign organizations. FBI Director Christopher Wray recently warned of the Chinese government’s “wholesale” targeting of critical American infrastructure to steal personal, corporate and research data on a massive scale. This leak seems to support those concerns.
“We see a lot of targeting related to ethnic minorities – Tibetans, Uyghurs. The targeting of foreign entities can be viewed through the lens of domestic security priorities for the Chinese government,” commented Dakota Cary, a China analyst at cybersecurity firm SentinelOne.
The files expose I-Soon’s toolkit for spreading propaganda, monitoring activists living abroad, and disrupting wireless networks. Documents show the firm obtained gigabytes of data on road maps and infrastructure in Taiwan, the self-governing island which China claims as its territory. Other files reveal that British government agencies like the Home Office, Foreign Office and Treasury were also compromised, along with influential UK think tanks.
While many of the leaked documents focus on targets in Asia, the breadth of I-Soon’s hacking activities demonstrates China’s determination to gain sensitive intelligence from nations and organizations worldwide to serve Beijing’s interests. Clients requested intelligence on everything from ethnic minority groups to critical national infrastructure.
The anonymous data dump first appeared on GitHub, an open-source platform for software developers. It was discovered by a Taiwanese cyber threat analyst who could not identify the source, according to former FBI cyber expert Adam Kozy.
It could be a disgruntled employee of I-Soon, or even one of the characters mentioned in the files,” Kozy told national security outlet SpyTalk. “But the things they’re saying align with other investigations on Chinese contractors like APT41.”
The leak comes amid heightened international concern over China’s sophisticated state-sponsored cyber operations. In January, the FBI revealed it had “disrupted a botnet of hundreds of U.S.-based small office/home office routers hijacked by People’s Republic of China (PRC) state-sponsored hackers.”
FBI Director Wray warned that Chinese state-backed hackers are actively infiltrating America’s critical infrastructure like water treatment plants, the electrical grid, pipelines and transportation systems. He cautioned these hackers are “paving the way” for China to potentially cripple U.S. infrastructure in the future.
“There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure…and the risk that poses to every American requires our attention now,” Wray told the House committee.
The chiefs of the Five Eyes intelligence alliance – the U.S., U.K., Canada, Australia and New Zealand – also sounded the alarm last October about the threats posed by China’s mass theft of intellectual property and cutting-edge technology through hacking.
In response to Wray’s warnings about Chinese cyber threats, Chinese Foreign Ministry spokesperson Mao Ning claimed without evidence that U.S. government agencies have carried out “long-running cyber attacks against China’s critical infrastructure.” Mao insisted “China firmly opposes and cracks down on all forms of cyber attack in accordance with the law.”
However, this latest document leak appears to validate serious concerns among Western governments about the depth of China’s wide-ranging hacking operations. The scope and priorities of these activities, revealed in the confidential files, seem geared towards giving Beijing an upper hand in intelligence gathering on everything from ethnic minority groups to foreign government agencies and infrastructure systems.
This anonymous data dump follows other recent revelations about questionable and even illegal data harvesting practices by Chinese companies. Last December, the censorship research group Citizen Lab disclosed that Chinese tech giant Huawei’s cloud infrastructure was being used for “indiscriminate” surveillance of device data, text messages, social media activity and more from over 100 million devices.
Earlier in 2022, former CIA intelligence officer Tom Garvey accused telecom equipment provider Huawei of illegal surveillance and data collection on Americans through their “smart city” products installed in major U.S. cities like Dubai, Atlanta and Rotterdam. Garvey claimed Huawei’s technology was being used to secretly monitor and collect the private text messages, phone conversations, locations and internet histories of Americans.
While the full impact of this latest leak is still being assessed, it undoubtedly shines a revealing light into Beijing’s aggressive espionage efforts to gather sensitive data on governments, companies and infrastructure around the globe. The unprecedented disclosure of these confidential files exposes the startling scope of China’s information warfare operations to shape the global technology and intelligence landscape to its strategic advantage.
As the world grows increasingly interconnected through technology, China’s relentless drive to infiltrate and monitor digital systems poses a serious threat to individual privacy, corporate security and even national interests. This latest breach reveals that these issues extend well beyond just concerns over data collection and surveillance. Beijing also aims to accumulate critical intelligence that could potentially be leveraged against other nations’ infrastructure at a future point.
Maintaining public trust in technology and information security has never been more vital. Western governments will need to work closely with the private sector and ordinary citizens to shore up vulnerabilities and counter invasive state-backed hacking exploits. With rising concerns about China’s ambitions in our hyper-connected world, this data leak serves as an urgent wake-up call about the need for robust cybersecurity measures and strategies to safeguard privacy, trade secrets and national interests around the globe.
