(News Trust of India): India Today’s Open Source Intelligence (OSINT) team has exposed a massive data leak from iSoon, a company allegedly linked to China’s Ministry of Public Security (MPS). The leak sheds light on a potential global cyber espionage operation targeting governments, businesses, and individuals.
What is the iSoon Leak?
The leak consists of thousands of documents, images, and chat messages found on GitHub. These files reveal details about iSoon’s alleged involvement in cyberattacks for the Chinese government. Two iSoon employees confirmed the leak and said that the company and Chinese police are investigating.
Translated Documents Shine a Light on Tactics and Targets
While the leaked data doesn’t include stolen information, the translated documents expose the modus operandi of the attackers, their targets, and even their internal discussions. These included:
- Targets ranging from NATO and European governments to private companies and even China’s allies like Pakistan.
- Extensive activity in India targeting the Ministry of Finance, the Ministry of External Affairs, and what is presumed to be the Home Ministry. During peak border tensions, hackers allegedly stole 5.49 GB of data from the “President’s Interior Ministry” (Home Ministry) in 2021.
- Breaches of user data from organizations like the Employees’ Provident Fund Organisation (EPFO), state telecom operator BSNL, Apollo Hospitals, and Air India (passenger check-in details).
- Access to around 95 GB of Indian immigration data from 2020, highlighting potential interest in movement patterns.
From Friends to Foes: No One is Safe
The leak reveals a broad range of targets beyond India, including:
- Pakistan: Alleged spying on the Pakistani Foreign Ministry, telecommunication company Zong, and even data retrieval from an “anti-terrorism center.”
- Other Countries: Nepal, Myanmar, Mongolia, Malaysia, Afghanistan, France, Thailand, Kazakhstan, Turkmenistan, Cambodia, and the Philippines.
Confirmation and a History of Malicious Activity
Independent experts confirmed the leak’s authenticity, calling it “rarely seen unhindered access” to an intelligence operation’s inner workings. This corroborates existing concerns about China’s hacking activities, as evidenced by recent US operations against a widespread Chinese campaign targeting internet-connected devices.
The Takeaway
The iSoon leak raises serious concerns about China’s alleged cyber espionage activities. It highlights the need for robust cybersecurity measures and international cooperation to combat such threats. While the extent of the damage is still unclear, this incident serves as a stark reminder of the evolving landscape of cyber threats and the importance of vigilance.