Chinese Hacking Tools Revealed in Giant Leak (I-S00N)

Preface

This is what the leak looks like at first glance.

The leaked information was posted by an insider whistleblower from Anxun in Shanghai, a company closely linked to the Chinese government and Ministry of Public Security. They are believed to be responsible for some of the overseas spying on government and organizational entities, as well as developing tools used for cyberattacks and general cybercrimes against other parties, including spyware that the Chinese company I-S00N (which gives the repository its name) helped develop.

Confirmed affected countries

  • Armenia: Beeline
  • Estonia: Tele2
  • Kazakhstan: Beeline, Tele2
  • Kyrgyzstan: Beeline
  • Latvia: Tele2
  • Lithuania: Tele2
  • Russia: Beeline
  • Sweden: Tele2
  • Georgia: Beeline

Location information from leaked data

Statements of Third Parties and Researchers

According to Azaka Sekai, a Taiwanese threat researcher, some of the spyware has features that allegedly allow an operator to “obtain a Twitter user’s email and phone number, follow them in real time, tweet on their behalf, read DMs,” and also to attack Android and iOS devices, obtaining hardware information, GPS data, contacts, media files and audio recordings in real time.

The repository reveals several gadgets that attackers can use for spying, including WiFi-enabled devices that can infiltrate target Android phones via a WiFi signal, disguised as a battery from a well-known Chinese manufacturer. Azaka Sekai’s analysis details several different types of equipment, including products for spying on Chinese social platforms such as Weibo, Baidu and WeChat.

The repository revealed confidential data from several telecommunications providers, such as Beeline and Tele2, operating in Kazakhstan, as well as a list of victims that included the Paris Institute of Political Studies and Apollo Hospitals (a large chain of private hospitals in India).

Azaka Sekai also claims that the repo even reveals how much the employees who create the spyware earn. “Excluding senior executives, the average salary is 7,600 yuan after taxes. That’s about $1,000 US dollars. It’s completely insignificant for what they claim to do.” In today’s money, 7,600 yuan is 1,056.40 US dollars or 977.36 euros.

Leaked internal communications

Below is a small part of these messages (original Chinese, a translation, and the meaning as the author reads it):

Date: 2020-11-25 06:56:49
Chinese: 那河源国宝没得啥子搞头,他们想的是,我们给aq提供过的数据,可以少量给他们出情报,和公司一些小合作,走特费这种
Translation: Heyuan National Treasure has nothing to do. They believe that the data we provided to aq can give them a small amount of information, as well as some small cooperation with the company, through special fees.
Meaning: Anxun wants to sell information to the Chinese government and collaborate with other companies for a “special fee.”

Date: 2020-11-25 06:48:40
Chinese: [not captured]
Translation: If it’s something that was sold for safety, would it be cheaper if it was sold as wa? When selling, does this mean that aq has already been purchased?
Meaning: Anxun wants to sell information to the highest bidder and advertises what will bring the most profit.

Date: 2022-01-11 10:41:54
Chinese: 不然一起吃牢饭[旺柴]
Translation: Otherwise we’ll all end up in jail together. [Wangchai]

As the cybersecurity community makes sense of these revelations, critical questions arise. What are the true intentions behind I-S00N’s actions? Why did the data breach happen now and what implications does it have for cybersecurity around the world? Amid the uncertainty, one thing is clear: cybersecurity is more important than ever. In an era where data warfare can be as destructive and dangerous as traditional conflicts, understanding and addressing cybersecurity threats is imperative. The digital landscape is a vast threat surface where adversaries are elusive and outcomes unpredictable. In this digital battlefield, vigilance and preparedness are paramount to defend against the ever-evolving cyber threats that permeate our interconnected world.

Links to sources of complete leaks of information can be found in my telegram channel: t.me/it_GARDen
