China’s already vast teams of state-sponsored hackers are getting a boost from private outfits, new documents reveal. A document leak from one of these firms, one of many that compete for government contracts, shows how the Chinese hackers target overseas organizations.
The document leak comes from a company called “i-Soon” that has boasted about its previous exploits breaching government and private organizations in at least 20 countries. This particular firm has been in business since at least 2012, but the market for similar private Chinese hackers that assist the government has likely existed for even longer and contains many more players.
570-page trove exposing Chinese hackers likely stems from employee complaints
Whoever posted the document leak to GitHub did not identify themselves, but said that they were a whistleblower. However, the nature of their complaints appears to be centered on poor working conditions, and on convincing the Chinese government that it is wasting its money on a subpar contractor. The leaker included internal chat logs that demonstrate low employee morale, as well as complaints from customers that were not satisfied with the service they paid for.
The Chinese hackers are apparently not getting paid very much for their efforts, far below the national monthly median wage. This appears to be due to a fiercely competitive marketplace in which many of these outfits, usually posing as some kind of cybersecurity or IT service, are in a “race to the bottom” in pricing. In spite of the low pay and cut-rate conditions, the documents reveal these outfits sometimes work directly with known advanced persistent threat groups like APT41.
Though China has been known to turn to private hackers for services, the document leaks point to this network being much more extensive than previously thought. It is also noteworthy that firms like i-Soon are not exclusively directed against government targets, very often breaking into private companies and human rights groups. This is an important factor to consider in light of the recent news that Chinese hackers have achieved widespread penetration into critical infrastructure targets in the US.
Document leak shows actions against both public and private targets
The document leak shows i-Soon worked to break into organizations in at least 20 countries. Among these were numerous telecommunications companies, with the Chinese hackers stealing over three terabytes of call logs from LG U Plus of South Korea. That reflects a general focus on countries in Asia (and in Eastern Europe near the border) as well as on telecoms firms, but the attackers also went after the governments of India, Thailand, and of course Taiwan. A list of both government and private targets in the UK was also found, but it is unclear if any of those breaches were successful.
i-Soon was also employed as part of China’s extensive domestic surveillance efforts. The document leaks reveal contracts with a number of law enforcement agencies around China for varying amounts of money, some ranging as high as $800,000.