by US officials are scouring a trove of newly leaked documents from a Chinese technology firm for clues about how the government in Beijing is allegedly using the company in broad hacking campaigns, said multiple US cyber security officials who they know about the matter with CNN.
The Biden administration is studying the leak, but private experts told CNN it provides some of the clearest public evidence yet of how they believe China’s powerful security agencies outsource hacking operations to tech firms. to target victims around the world.
The documents, posted online anonymously last weekend for anyone to access, include screenshots of chat logs, as well as Chinese government employee and client records of technology firm I-Soon. Among the company’s hacking victims are exiled Tibetan political groups, hospitals in Taiwan and India to Hong Kong universities after mass pro-democracy protests in 2019, according to the leaked data. More than a dozen foreign governments, mostly Asian, have been listed as targets.
I-Soon’s clients include China’s police, intelligence service and military, according to a spreadsheet listing 183 contracts signed by I-Soon’s subsidiary in southwestern Sichuan province between 2016 and 2022.
“This is some of the best visibility we’ve had of Chinese hacking operations outside of the government’s SCIF,” said Adam Kozy, who used to track Chinese hackers for the FBI, using an acronym for classified facilities.
“I don’t know the details you mentioned. In principle, I would like to emphasize that China firmly opposes shame and unjustified smearing against China,” Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, DC, said in an emailed statement when asked for comment. on him.
“The so-called claim that Chinese authorities monitor overseas dissidents is completely fabricated,” Liu’s statement continued. “China is a major victim of cyber attacks. We maintain a firm stance against all forms of cyber-attacks and use legal means to combat them. China does not encourage, support or condone attacks launched by hackers.”
Wu Haibo, CEO of privately owned Shanghai-based I-Soon, did not respond to multiple requests for comment.
The leak comes amid unprecedented tensions in US-China relations in cyberspace and appears to fly in the face of Beijing’s repeated denials that it sponsors cyber attacks.
FBI Director Christopher Wray and other top US officials warned Congress last month that another team of Chinese hackers unrelated to I-Soon has infiltrated critical US infrastructure and could use that access to disrupt any US military response to a possible Chinese invasion of Taiwan.
Beijing has strongly denied the allegations and accuses the United States of carrying out its own cyber attacks.
“The Chinese government is really trying to change this narrative that China hacks other countries,” Dakota Cary, a consultant at security firm SentinelOne who focuses on China, told CNN. “So I guess [the leaks will] really upset.”
GitHub, the popular software developer platform where the data was leaked, took down the documents late Thursday, saying the data was a “violation of GitHub’s terms of service.”
‘Recommendation’ from Chinese officials
I-Soon allegedly targeted cyberespionage, including against governments across Asia, according to a CNN review of the data and interviews with private experts.
Telecommunications companies were also very much on the list. Hundreds of gigabytes of call logs and user data were hacked from operators in countries including South Korea, Kazakhstan and Afghanistan.
In a leaked marketing presentation, I-Soon announced its participation in an unspecified hacking project for China’s Ministry of Public Security in 2018. The project achieved “significant results” and received “recognition and praise” from Chinese officials, according to slide presentation.
The leak also shows that his business of obtaining information for China’s security services is doing well years after the US Department of Justice indicted some of Wu’s associates and added them to a “Cyber Most Wanted List” the FBI for a worldwide hockey spree that targeted more than 100. companies around the world.
In September 2020, according to the leaked chat logs, Wu shared a news article describing the additions to the FBI’s “Most Wanted Cyber List”. Four of those people were in the same WeChat group as Wu, according to the leaks. The executive responded by suggesting that they celebrate being “verified by the FBI.”
Chinese court documents show that I-Soon later developed a business relationship with the hacking group wanted by the FBI.
In sharp contrast to the private boasting from I-Soon, the Chinese government has gone to great lengths to hide its alleged affiliation with pro-Beijing hacking operations, according to private cybersecurity executives who have tracked the activity for years. .
After the Obama administration secured an agreement in 2015 from Chinese leader Xi Jinping that Beijing would not “knowingly steal or support the theft of cyber-enabled intellectual property,” the Chinese government is increasingly tapping contractors like I-Soon to feature of giving plausible deniability. for its hacking operations, Adam Meyers, senior vice president at US cyber security company CrowdStrike, told CNN.
China’s military reorganization in recent years, and the need to cover its hackers’ tracks, Meyers said, have encouraged the Chinese government to “pursue more of these companies to get directly involved with offensive operations.”
For more CNN news and newsletters create an account at CNN.com
