Behind the scenes of Chinese cyber espionage, France also targeted


The I-Soon leak is now the focus of computer security experts. Since last Sunday, data from this Chinese cybersecurity supplier, apparently based in Shanghai, has been mysteriously exposed on a GitHub account (a French translation is available here). No one has claimed responsibility for the leak.

Admittedly, as the cybersecurity company SentinelOne notes, the authenticity of the documents from this company, which is linked to the APT41 group via the company Chengdu 404, is still “undecided”. But this data, a mixture of discussions, commercial pitches and internal documentation, appears to show clearly how a private cyber service provider can work with state services, and the operating methods used.

Marketing materials

According to the company Malwarebytes, the marketing documents extolling the merits of I-Soon include references to a Twitter information stealer, which would make it possible to obtain a user’s email address and telephone number and to intercept private messages. Trojan horses for Windows have also been spotted, as well as a version for iOS (Apple), which however dates from the 2020s, along with hacking equipment targeting Wi-Fi networks and an open-source intelligence platform.

“We rarely have such unrestricted access to the internal workings of an intelligence operation,” one of Mandiant’s executives remarked to the Washington Post. “We have every reason to believe that this is authentic data from a contractor supporting domestic and global cyberespionage operations from China,” he adds. We learn, for example, that employees complain about the level of their salaries and that they play Mahjong in the office.

Samples

Another example, noted this time by the Risky Business newsletter: discussions show how a subcontractor can work with its client in this very competitive market, for example by offering samples to encourage the purchase of stolen data. In the example cited, the buyer is not convinced of the benefit of purchasing information on Jens Stoltenberg, the Secretary General of NATO.

These tools are said to have been used by the Chinese administration against around twenty government targets, including South Korea, India, Thailand and even Vietnam. An Excel sheet of targets even mentions two teachers from Sciences-Po, two specialists in China and Asia. The prestigious school told the daily Le Monde that it was “in liaison with the competent authorities to establish the facts and the follow-up to be taken”.


