Free Republic
News/Activism


GitHub leak exposes Chinese offensive cyber operations – researchers
CyberNews

Posted on 02/19/2024 10:50:15 AM PST by TigerClaws

The leaked documents supposedly discuss spyware developed by I-Soon, a Chinese infosec company, that’s targeting social media platforms, telecommunications companies, and other organizations worldwide. Researchers suspect the operations are orchestrated by the Chinese government.

Unknown individuals allegedly leaked a trove of Chinese government documents on GitHub. The documents reveal how China conducts offensive cyber operations with spyware developed by I-Soon, Taiwanese threat intelligence researcher Azaka Sekai claims.

While several researchers have analyzed the supposedly leaked documents, no official confirmation of their veracity exists as of the writing of this article.

We have reached out to I-Soon but did not receive a reply before publishing.

According to Azaka Sekai, the documents provide an intimate insight into the inner workings of China’s state-sponsored cyber activities. For example, some offensive software has specific features that supposedly allow “obtaining the user’s Twitter email and phone number, real-time monitoring, publishing tweets on their behalf, reading DMs.”

Attackers can supposedly target Android and iOS devices, obtaining a multitude of sensitive information, such as hardware information, GPS data, contacts, media files, and real-time audio recordings.

The alleged documentation reveals several gadgets that attackers can use to spy on victims, including WiFi-capable devices with the capability to inject targeted Android phones via a WiFi signal. From the outside, the device supposedly looks like a portable battery from a well-known Chinese manufacturer.

Azaka Sekai's analysis of the documents, which are written in Mandarin, details several different types of gadgets allegedly used by attackers, as well as products for spying on individuals using Chinese social media platforms such as Weibo, Baidu, and WeChat.

The information also revealed sensitive details from multiple telecommunications providers, for example, Beeline and Tele2 providers operating in Kazakhstan.

Interestingly, researchers uncovered a victim list that included the Paris Institute of Political Studies, also known as Sciences Po, a large private hospital network in India, Apollo Hospitals, and multiple government entities from China’s neighboring countries.

The documents even reveal how much employees who make the spyware earn. “Excluding the C-level execs, the average salary is 7,600 RMB after tax. That’s like 1,000 USD. That is absolutely abysmal for what they’re allegedly doing,” a researcher said on Mastodon.


TOPICS: Business/Economy; Crime/Corruption; Foreign Affairs; News/Current Events
KEYWORDS: baidu; china; espionage; github; hack; hacking; internet; isoon; privacy; spying; spyware; surveillance; wechat; weibo

1 posted on 02/19/2024 10:50:15 AM PST by TigerClaws

To: TigerClaws

More info on the victims:

TBs of data stolen from Pakistan, Kazakhstan, Kyrgyzstan, Malaysia, Mongolia, Nepal, Turkey, India, Egypt, France, Cambodia, Rwanda, Nigeria, Hong Kong, Indonesia, Vietnam, Myanmar, Philippines, Afghanistan.

> screenshot of a list of a bunch of UK agencies (purpose unknown), including
- Home Office
- British Treasury
- DFID
- UK Department for Business, Energy and Industrial Warfare
- UK Department of Education
- UK Department for Environment and Food+
- Department for Brexit
- British Department for Transport
- UK Ministry of Health and Social Care
- British Ministry of Justice
- UK National Crime Agency
- HMRC
- chathamhouse chathamhouse
- British Institute for International Strategic Studies IISS
- Center for Foreign Policy Studies
- Center for Defense and International Security Studies
- Rand Institute European Branch
- Haiding Group
- Human Rights Watch
- Amnesty International

quote:
2022-05-06
> which one did they want (from UK)? foreign affairs? the most important one they wanted
> yep, top priority
> okay, the team just told me there’s a chance we can take control of the system
> team says they’ve got a 0day and for sure can take the system; will take about 2 weeks. can they pay in advance?
> https://infosec.exchange/@still/111954872879820044

*screenshot content*
> UK Foreign Affairs had already been taken by another contractor
> choose a different one
> ??

quote:
Re:
- Kyrgyzstan Diplomatic Oil Service
- National Security Council Oil Service
- Asan Central Bureau of Investigation for Foreign Affairs and Defense (It seems that they have it all!)

quote:
they had also thought about getting access to NATO but decided it was too difficult

quote:
A: client says NATO is not exactly possible
> B: what do they mean by “not exactly possible?”
> A: they had already tried NATO before
> A: also they’re not exactly interested
> B: we’ve got stuff from their chairman
> B: stuff from Jens Stoltenberg
> A: well not everything you think is interesting will necessarily be the same for others
> B: what about making it cheaper? I’m running low on money
> A: it’s not about how much it costs, but that it’s not worth it

(I won’t post a link to the actual leak as a. it’s in Mandarin and b. could be illegal to post.)

But it’s a site called Github Repo for those with media.


2 posted on 02/19/2024 10:54:33 AM PST by TigerClaws

To: TigerClaws

This is what happens when you get free libraries from places like GitHub that aren’t fully open source (where you see all of the underlying source code). I’m not dissing GitHub per se. I’m saying open source should be the only free libraries you use because that has the plain source code you can verify.


3 posted on 02/19/2024 11:12:18 AM PST by Tell It Right (1st Thessalonians 5:21 -- Put everything to the test, hold fast to that which is true.)

To: Tell It Right

You misunderstand (which is understandable given the poor writing of the article) - this wasn’t a hack of software on Github - the leakers published the info ON Github.


4 posted on 02/19/2024 11:24:08 AM PST by Skywise

To: Skywise

Maybe I misunderstand it. I was under the impression that GitHub was used both to announce what happened, and before that Github was used as the instrument of spreading the China hacking malware.


5 posted on 02/19/2024 11:42:24 AM PST by Tell It Right (1st Thessalonians 5:21 -- Put everything to the test, hold fast to that which is true.)

To: Tell It Right

“places like GitHub that’s not fully open source (where you see all of the underlying source code).”

I’m a simple user of GitHub for source code. I decide what’s up there in my account (which is all of it). What do you mean by “where you see all of the source code”? Doesn’t each user decide that?


6 posted on 02/19/2024 12:06:31 PM PST by cymbeline

To: cymbeline

When I've looked up libraries in GitHub in the past (after finding others talk about libraries from blogs and such), I could either download the compiled code or download the source code. Say, if it was in C#, some sources had only the .dll libraries that I could download and reference in my code but never see the source code. But some sources had the source code in C# or VB that I could also download and put into my project(s), but, unlike the .dll's, I could see the source code myself.

It's been maybe 8 or so years since I've used GitHub (the team I'm in now buys 3rd party libraries so I get our "shared" code from those vendors directly). But that's my experience.

7 posted on 02/19/2024 12:18:47 PM PST by Tell It Right (1st Thessalonians 5:21 -- Put everything to the test, hold fast to that which is true.)

To: Tell It Right

“some sources had only the .dll libraries that I could download and reference in my code but never see the source code.”

Gotcha.

I knew of a company that bought the “source code” for something or other. They got the source code but all of the comments were stripped out.


8 posted on 02/19/2024 4:41:47 PM PST by cymbeline
