Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the country’s top police agency and other parts of its government, a repository that appears to document clear hacking activity to spy on both Chinese and foreigners and that lists the tools used.
Among the apparent targets of the tools provided by the affected company, I-Soon, are ethnic groups and dissidents in parts of China that have seen significant anti-government protests, such as Hong Kong or the heavily Muslim region of Xinjiang in China’s far west.
The dump of multiple documents late last week and the subsequent investigation were confirmed by two employees of I-Soon, known as Anxun in Mandarin, which has ties to the powerful Ministry of Public Security. The dump, which analysts consider highly significant even though it does not reveal any particularly novel or powerful tools, contains hundreds of pages of contracts, marketing presentations, product manuals, and customer and employee lists.
They detail the methods used by Chinese authorities to monitor dissidents abroad, monitor other countries, and promote pro-Beijing narratives on social media.
The documents show apparent I-Soon hacking of networks in Central and Southeast Asia, as well as Hong Kong and the self-ruled island of Taiwan, which Beijing claims as its territory.
The hacking tools are used by Chinese state agents to unmask users of social media platforms outside China, such as X, formerly known as Twitter, to break into email accounts, and to hide the online activity of agents operating overseas. Also described are devices disguised as power strips and batteries that can be used to compromise Wi-Fi networks.
Two I-Soon employees told The Associated Press that I-Soon and Chinese police are investigating how the files were leaked. One of the employees said I-Soon held a meeting on Wednesday about the leak and was told it would not have much of an impact on the business and “should continue to operate as normal.” The AP is not naming the employees, who provided only their surnames, out of concern about possible retribution, in accordance with general Chinese practice.
The source of the leak is not known. The Chinese Foreign Ministry did not immediately respond to a request for comment.
A highly significant leak
Jon Condra, an analyst at Recorded Future, a cybersecurity company, described it as the most significant leak to date involving a company “suspected of providing cyber espionage and targeted intrusion services for Chinese security services.” He said that according to the leaked material, organizations targeted by I-Soon include governments abroad, telecommunications companies and online gambling companies within China.
Until the 190-megabyte leak, I-Soon’s website included a page listing its customers, with the Ministry of Public Security at the top, followed by 11 provincial-level security bureaus and approximately 40 municipal public security departments.
Another page, still available as late as Tuesday, advertised advanced persistent threat “attack and defense” capabilities, using the acronym APT, which the cybersecurity industry uses to describe the world’s most sophisticated hacking groups. Leaked internal documents describe an I-Soon database of hacked data collected from foreign networks around the world that is advertised and sold to Chinese police.
The company’s website went completely offline later Tuesday. A representative for I-Soon declined an interview request and said the company would release an official statement at an unspecified future date.
According to Chinese corporate records, I-Soon was founded in Shanghai in 2010, and according to leaked internal slides, it has subsidiaries in three other cities, including one in the southwestern city of Chengdu that is responsible for hacking research and development.
I-Soon’s Chengdu subsidiary was open as usual on Wednesday. Red Lunar New Year lanterns fluttered in the wind on a covered alley leading to the five-story building that houses I-Soon’s Chengdu offices. Employees kept coming in and out, smoking cigarettes and drinking coffee outside. Inside, posters bearing the Communist Party’s hammer and sickle symbol were accompanied by slogans that read: “Protecting the secrets of the Party and the country is the essential duty of every citizen.”
I-Soon’s tools appear to be used by Chinese police to crack down on dissent on foreign social media and flood it with pro-Beijing content. Authorities can directly monitor Chinese social media platforms and order them to remove anti-government posts. But they lack that ability on foreign sites like Facebook or X, where millions of Chinese users flock to avoid state surveillance and censorship.
“There is a lot of interest in social media monitoring and commentary on the part of the Chinese government,” said Mareike Ohlberg, a senior fellow in the Asia program of the German Marshall Fund. She reviewed some of the documents.
To control public opinion and forestall anti-government sentiment, controlling key positions domestically is important, Ohlberg said. “Chinese authorities have a great interest in tracking users based in China,” she said.
The source of the leak “could be a rival intelligence service, a disgruntled insider, or even a rival contractor,” said John Hultquist, chief threat analyst at Google’s Mandiant cybersecurity division. The data indicate that I-Soon’s sponsors also include the Ministry of State Security and China’s military, the People’s Liberation Army, Hultquist said.
Many targets, many countries
A leaked draft contract shows that I-Soon was marketing “anti-terrorism” technical support to Xinjiang police to track the region’s native Uyghurs in Central and Southeast Asia, claiming it had access to hacked airline, cellular and government data from countries such as Mongolia, Malaysia, Afghanistan and Thailand. It is unclear whether the contract was signed.
“We see a lot of targeting of organizations that belong to ethnic minorities – Tibetans, Uyghurs. The targeting of foreign entities can be viewed through the lens of the government’s domestic security priorities,” said Dakota Cary, China analyst at cybersecurity firm SentinelOne.
He said the documents appear legitimate because they are in line with what one would expect from a contractor hacking on behalf of China’s security apparatus with domestic political priorities.
Cary reviewed a spreadsheet listing data repositories collected from victims and counted 14 governments as targets, including India, Indonesia and Nigeria. The documents indicate that I-Soon mostly supports the Ministry of Public Security, he said.
Cary was also struck by the targeting of Taiwan’s health ministry to determine its COVID-19 caseload in early 2021, and by the low cost of some hacks. The documents show I-Soon charged $55,000 to hack Vietnam’s economy ministry, he said.
Although some chat records mention NATO, a preliminary review of the data by the AP found no indication of a successful hack of any NATO country. That does not mean state-backed Chinese hackers are not trying to hack the US and its allies. If the leaker is inside China, which seems likely, Cary said that “leaking information about hacking NATO would be really, really inflammatory,” and would raise the risk of Chinese authorities making it a higher priority to identify the leaker.
Mathieu Tartare, a malware researcher at cybersecurity firm ESET, said the company has linked I-Soon to a Chinese state hacking group it calls FishMonger, which it actively tracks and which it wrote about in January 2020 after the group hacked Hong Kong’s universities during student protests. He said that since 2022, ESET has seen FishMonger targeting governments, NGOs and think tanks in Asia, Europe, Central America and the United States.
French cybersecurity researcher Baptiste Robert also examined the documents and said it appeared I-Soon had found a way to hack accounts on X, formerly known as Twitter, even when those accounts had two-factor authentication enabled, as well as a way to analyze email inboxes. He said American cyber operators and their associates are among the potential suspects in the I-Soon leak because it is in their interest to expose Chinese state hacking.
A spokesperson for US Cyber Command would not comment on whether the National Security Agency or CyberCom was involved in the leak. An email to X’s press office responded, “Busy right now, please check back later.”
Western governments, including the United States, have taken steps in recent years to crack down on Chinese state surveillance and persecution of government critics abroad. Laura Harth, campaign director of Safeguard Defenders, an advocacy group focusing on human rights in China, said such tactics create fear of the Chinese government among Chinese abroad and foreign citizens, stifle criticism and lead to self-censorship. “They are a looming threat that is persistent and very difficult to avoid.”
Last year, US officials charged 40 members of Chinese police units tasked with harassing family members of Chinese dissidents abroad, as well as spreading pro-Beijing material online. The indictment describes tactics similar to those described in the I-Soon documents, Harth said. Chinese officials have accused the United States of similar activity. US officials, including FBI Director Chris Wray, have recently complained about Chinese state hackers planting malware that could be used to damage civilian infrastructure.
On Monday, Chinese Foreign Ministry spokesman Mao Ning said that the US government has been working for a long time to compromise China’s critical infrastructure. He called on the US to “stop using cybersecurity issues to defame other countries.”
Kang reported from Chengdu, China. AP journalists Didi Tang in Washington, DC, and Larry Fenn in New York contributed to this report.