Most Notable Cybersecurity Leak of 2024 So Far - The I-Soon Leak Reveals a Trove of Information About Chinese State-Supported Hacking Operations
Petteri Nakamura
Security Consultant | OT Cybersecurity | Cybersecurity Awareness | Cybersecurity Strategy | International Relations
I-Soon (上海安洵) is a Shanghai-based Chinese info-sec company that contracts for many Chinese government agencies such as the Ministry of Public Security, the Ministry of State Security, and the People’s Liberation Army. A trove of documents and chat messages between employees was leaked on GitHub on 16 February, showing the inner workings of the company, the targeted organizations and the fees earned from hacking them (Apparently collecting data
The story hit the news internationally at the beginning of the week, with the Finnish national news agency Yle also running a story. The www.i-soon.net website was down on Thursday and, according to the news, the Chinese police are looking for the "whistleblower". This unique data leak is going to keep security researchers
The next year Microsoft reported an increase in the number of zero-day vulnerabilities exploited by China-attributed hacking groups. Later, the new Chinese cybersecurity and anti-espionage laws also prohibited any company operating in China from disclosing information that is in Chinese national interests (a very broad definition) to foreign governments without express permission from the Chinese authorities. The regulations show an apparent concerted effort to collect zero-day vulnerabilities as soon as they are found and to prevent them from being reported elsewhere.
The I-Soon leak includes employees discussing receiving zero-day vulnerabilities that were found in the Chinese Tianfu Cup cybersecurity contest
The leak appears to have been done to embarrass the company, but it also gives a one-of-a-kind window into the operation of these companies and the ecosystem of Chinese state-supported hacking operations carried out by Chinese private contractors. This is a wake-up call for all companies and organizations and shows what kinds of tools and support these companies have at their disposal. Dakota Cary and Aleksandar Milenkoski from SentinelLabs remarked that for business leaders the message is: "your organization’s threat model
Don’t forget that the underpaid hackers are armed with state-collected and state-distributed zero-day vulnerabilities and proofs of concept to facilitate their work.