I-Soon: China's state-run foreign hackers exposed 


Within China it is surely the biggest betrayal yet: an employee of the contractor I-Soon leaked data on the tools and services that were used to attack foreign companies and governments. China denies running hackers against foreign targets, but the leaked material is overwhelming, and the disclosure of the tools' capabilities is reminiscent of the day of the Snowden leaks. Now China has its own Snowden.

According to research by specialists at Malwarebytes and SentinelOne, this is what happened: data from a Chinese cybersecurity provider working for the Chinese government exposed a number of hacking tools and services. Although the source is not entirely clear, it appears that a disgruntled employee of the company intentionally leaked the information.

Hackers in Chinese government services

The provider i-Soon (aka Anxun) is believed to be a private contractor operating as an Advanced Persistent Threat (APT) on behalf of the Chinese Ministry of Public Security (MPS). The leaked data falls into a few groups, such as complaints about the company, chat records, financial information, products, employee information and details of foreign infiltration. According to the leaked data, i-Soon has infiltrated several government agencies, including those of India, Thailand, Vietnam and South Korea, as well as NATO.

Some of the tools i-Soon has used are impressive. Highlights:

  • Twitter (now X)
  • Custom RATs (Remote Access Trojans) for Windows x64/x86: features include process, service and registry management, a remote shell, keylogging, file-access logging, system information retrieval, remote disconnection and self-uninstallation.
  • The iOS version of the RAT claims to support all iOS versions without jailbreaking, with features such as hardware information, GPS data, contacts, media files and real-time audio recording as an extension. (Note: this part dates from 2020.)
  • The Android version can dump messages from all popular Chinese chat apps (QQ, WeChat, Telegram and MoMo) and can elevate itself to a system app so that it persists through a device restore.
  • Portable devices for attacking networks from the inside.
  • Special equipment for employees working abroad to establish secure communication.
  • A user lookup database that lists user data including phone number, name and email and can be correlated with social media accounts.
  • A targeted-scenario framework for automated penetration testing.
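The Android RAT's claim to elevate itself to a system app is the one item in the list a responder can check directly on a suspect device. The following is an added example, not code from the original report or from Malwarebytes' or SentinelOne's analysis: it parses the output of `adb shell pm list packages -f` (the `package:<apk path>=<package name>` format) and flags packages that live on a system partition but are absent from a baseline captured from a known-good device of the same model. The sample output, the baseline and the package name `com.example.sysupdatesvc` are constructed for illustration.

```python
"""Triage check: which packages sit on a system partition that a known-good baseline does not list?

Input format is that of `adb shell pm list packages -f`, one line per package:
    package:/system/priv-app/Settings/Settings.apk=com.android.settings
"""
from dataclasses import dataclass

# Partitions on which Android treats an APK as a system (and possibly privileged) app.
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/odm/")


@dataclass(frozen=True)
class Pkg:
    name: str
    path: str

    @property
    def on_system_partition(self) -> bool:
        return self.path.startswith(SYSTEM_PREFIXES)

    @property
    def privileged(self) -> bool:
        # priv-app directories grant signature|privileged permissions.
        return "/priv-app/" in self.path


def parse_pm_output(text: str) -> list[Pkg]:
    """Parse `pm list packages -f` output; raise on lines that do not fit the format."""
    pkgs: list[Pkg] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("package:") or "=" not in line:
            raise ValueError(f"unexpected pm output line: {line!r}")
        # Split on the LAST '=': app directories under /data/app can contain base64 '=' padding.
        path, name = line[len("package:"):].rsplit("=", 1)
        pkgs.append(Pkg(name=name, path=path))
    return pkgs


def suspicious_system_apps(pkgs: list[Pkg], baseline: set[str]) -> list[Pkg]:
    """System-partition packages not present in the known-good baseline."""
    return [p for p in pkgs if p.on_system_partition and p.name not in baseline]


# Constructed sample: three stock apps, one unexpected privileged app, one ordinary user app
# (WeChat under /data/app, which is where a normal install lands and is not flagged).
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/product/app/Calendar/Calendar.apk=com.android.calendar
package:/system/priv-app/SysUpdateSvc/SysUpdateSvc.apk=com.example.sysupdatesvc
package:/data/app/~~abc123==/com.tencent.mm-1/base.apk=com.tencent.mm
"""

# Constructed baseline, standing in for the package list of a known-good device of the same model.
BASELINE = {"com.android.settings", "com.android.bluetooth", "com.android.calendar"}


def run_triage(pm_output: str = SAMPLE_PM_OUTPUT, baseline: set[str] = BASELINE) -> list[str]:
    """Return the names of flagged packages, privileged ones marked with '!'."""
    flagged = suspicious_system_apps(parse_pm_output(pm_output), baseline)
    return [("!" if p.privileged else " ") + p.name + "  " + p.path for p in flagged]


if __name__ == "__main__":
    for entry in run_triage():
        print(entry)
```

A real baseline should come from a factory-fresh device on the same firmware build, since OEM and carrier partitions legitimately carry packages that are not in AOSP; a hit on this check is a lead for pulling the APK and its signing certificate, not proof of compromise by itself.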

Governments and NATO were the targets

While some of the information is outdated, the leaked data provides a glimpse into the operations of a leading spyware provider and APT-for-hire. In the coming weeks and months the leak will certainly spark discussions in international diplomacy, and many countries will use the evidence to uncover gaps in their national security. According to Malwarebytes and SentinelOne, only the tip of the iceberg has been exposed so far; a great deal of material still has to be translated. Although this will take several more months, it will yield many important insights into state-backed hackers from China.

More at Malwarebytes.com
More at SentinelOne.com


Via Malwarebytes

Malwarebytes protects home users and businesses from dangerous threats, ransomware and exploits that go undetected by antivirus programs. Malwarebytes completely replaces other antivirus solutions in order to avert modern cybersecurity threats for private users and companies. More than 60,000 companies and millions of users trust Malwarebytes' machine learning solutions and its security researchers to avert emerging threats and eliminate malware that antiquated security solutions fail to detect. You can find more information at www.malwarebytes.com.


About SentinelOne

SentinelOne is a global leader in AI security. The Singularity platform detects, prevents, and responds to cyberattacks at machine speed – enabling organizations to secure their endpoints, cloud workloads, containers, digital identities, and mobile and network-connected devices quickly, accurately, and easily.

