Proof of China Firms Hacking Foreign Governments Surfaces Which Countries were Targeted

A massive data leak has exposed the hacking activities of a Chinese tech firm, i-Soon, which has been linked to China’s top policing agency and other parts of its government. 

The data leak, which was posted online by an anonymous whistleblower, shows that i-Soon hacked into the systems and networks of foreign governments, organizations, and individuals, in order to collect and exploit sensitive and valuable information. The data leak also reveals the tools and techniques that i-Soon used to conduct its cyber espionage and sabotage operations.

What are the contents and sources of the data leak?

The data leak consists of more than 200 gigabytes of files and records, which cover eight years of i-Soon’s work from 2016 to 2024. The data leak includes:

• Documents and contracts: The data leak contains documents and contracts that show i-Soon’s business dealings and relationships with various Chinese government agencies and entities, such as the Ministry of Public Security, the Ministry of State Security, the People’s Liberation Army, and the Communist Party of China. The documents and contracts also show i-Soon’s bids and proposals for various government projects and contracts, such as the “Anti-Cyber Crime Office” and the “National Cybersecurity Center”.
• Hacking reports and evidence: The data leak contains hacking reports and evidence that show i-Soon’s hacking targets and results, such as the names, IP addresses, passwords, and files of the hacked systems and networks. The hacking reports and evidence also show i-Soon’s hacking methods and tools, such as the malware, exploits, and vulnerabilities that i-Soon used to infiltrate and compromise the systems and networks.
• Communications and transactions: The data leak contains communications and transactions that show i-Soon’s interactions and exchanges with its clients, partners, and sources, such as the emails, messages, phone calls, and payments that i-Soon sent and received. The communications and transactions also show i-Soon’s contacts and connections with foreign agents and intermediaries, such as the Russian intelligence officer, the person using a Russian phone number, and the company based in Cyprus.

The data leak was posted online by an anonymous whistleblower, who claimed to be a former employee of i-Soon, and who said that he or she wanted to expose i-Soon’s illegal and unethical activities, and to warn the public and the authorities about the dangers and risks of i-Soon’s hacking operations. The whistleblower also said that he or she had contacted and cooperated with some media outlets and human rights organizations, such as the Los Angeles Times, the Associated Press, and Amnesty International, to verify and publicize the data leak.

Which countries were targeted by i-Soon’s hacking operations?

According to the data leak, i-Soon’s hacking operations targeted a wide range of countries and regions, both in Asia and beyond, such as:

• Southeast Asia: i-Soon hacked into the systems and networks of several Southeast Asian countries, such as Singapore, Malaysia, Indonesia, Thailand, and the Philippines, in order to collect and exploit information on their political, economic, and security affairs, as well as to interfere and influence their domestic and foreign policies. For example, i-Soon hacked into the email system of the Singaporean Foreign Ministry, and obtained confidential and sensitive documents and communications on Singapore’s relations and negotiations with China and other countries.
• Taiwan and Hong Kong: i-Soon hacked into the systems and networks of various organizations and individuals in Taiwan and Hong Kong, in order to monitor and suppress their pro-democracy and anti-China activities, as well as to sow discord and chaos in their societies. For example, i-Soon hacked into the systems and networks of the Democratic Progressive Party, the ruling party of Taiwan, and obtained personal and political information on its members and leaders, such as President Tsai Ing-wen.
• Europe and the US: i-Soon hacked into the systems and networks of some European and American countries and entities, in order to gather and analyze information on their strategies and actions regarding China and other global issues, as well as to disrupt and damage their interests and assets. For example, i-Soon hacked into the systems and networks of the NATO headquarters in Brussels, and obtained classified and confidential documents and communications on NATO’s military and security plans and operations.

A massive data leak has exposed the hacking activities of a Chinese tech firm, i-Soon, which has been linked to China’s top policing agency and other parts of its government. The data leak shows that i-Soon hacked into the systems and networks of foreign governments, organizations, and individuals, in order to collect and exploit sensitive and valuable information. The data leak also reveals the tools and techniques that i-Soon used to conduct its cyber espionage and sabotage operations. 

The data leak was posted online by an anonymous whistleblower, who claimed to be a former employee of i-Soon, and who said that he or she wanted to expose i-Soon’s illegal and unethical activities, and to warn the public and the authorities about the dangers and risks of i-Soon’s hacking operations. The data leak shows that i-Soon’s hacking operations targeted a wide range of countries and regions, both in Asia and beyond, such as Southeast Asia, Taiwan, Hong Kong, Europe, and the US.