Massive leak reveals extent of China’s foreign hacking activities

A group of 7 hackers, 6 slightly blurred in the background and one in the foreground, all wearing black with hoods pulled up over their heads. You cannot see their faces. The hacker in the foreground sits with an open laptop in front of them. The background, behind the hackers, is a Chinese flag
(Image credit: Getty Images)

Chinese police are currently investigating a massive data leak which originated from a private security contractor with alleged links to Chinese state security. 

The data, which made its way from the contractor called I-Soon to an upload on code repository Github, offers an unprecedented insight into the workings of an international cybersecurity operation. 

There are as yet few or no clues as to the leak culprits—or indeed their motives—but it appears that a Taiwanese analyst discovered the leaked stash on Github, and immediately shared it on their social media. An anonymous employee of I-Soon told the Associated Press that an investigation is currently underway inside the company, and that the employees were told that they should “continue working as normal” while it was underway.

China hacking

As well as outlining hacking activity and some of the tools used by the company, the leaked documents also gave an insider view of the targets. These include at least fourteen international government agencies, universities and perhaps unsurprisingly, Hong Kong agencies. It has to be noted that the authenticity of the documents is still not confirmed, although much of the information tallies with known threat vectors that have originated in the PRC in the past. 

I-Soon, also known as Shanghai Anxun Information Company, was started in Shanghai in 2010, and boasts several offices around China. The company’s website, which is currently offline, showcased a number of cybersecurity services, many of which were outlined in the 190 megabyte leak. The client page listed a number of Chinese regional security bureaus and public security departments, as well as the country’s Ministry of Public Security.

The leaked data is made up of an assortment of documents, screen grabs, and private chat conversations. The list also includes a selection of mundane information, such as complaints over low pay in the company and gambling habits of the employees. 

One of the interesting parts of the leak is the fact that AI translation has opened up the data to many more analysts than previously possible. The barrier to access is now much lower, with people outside of specialist Sinologists being able to evaluate the information quicker and easier. For example, we were able to use ChatGPT Vision to OCR decode and translate some of the document images in seconds, something that would have taken much longer in the past.

The uploads started sometime in mid-February, with thousands of WeChat messages and marketing documents hitting the Github servers. 

A large number of sales presentation documents boasting of  the company’s hacking abilities and past exploits are amongst the pile. According to reports, the data explicitly lists terrorism related targets that the company has previously hacked, including some in Pakistan and Afghanistan. The illicit documents also allegedly include the fees earned for some of these hacking projects. For example, one report says the company earned $55,000 for collecting data from a foreign country’s Ministry of Economy. 

This is not the first time GitHub has been the source of cybercriminal activity. In January 2024, it was revealed that multiple bad actors were deploying malicious payloads inside of GitHub’s legitimate traffic by exploiting its file and code sharing capabilities. The cybercriminals were also able to redirect this traffic to phishing sites.

More from TechRadar Pro

Nigel Powell
Tech Journalist

Nigel Powell is an author, columnist, and consultant with over 30 years of experience in the tech industry. He produced the weekly Don't Panic technology column in the Sunday Times newspaper for 16 years and is the author of the Sunday Times book of Computer Answers, published by Harper Collins. He has been a technology pundit on Sky Television's Global Village program and a regular contributor to BBC Radio Five's Men's Hour. He's an expert in all things software, security, privacy, mobile, AI, and tech innovation.

Read more
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
China
US Treasury declares ‘major incident’ after apparent state-sponsored Chinese hack
Data leak
Details of over 15,000 FortiGate devices leaked online, so be on your guard
China
Chinese hackers who targeted key US infrastructure charged by Justice Department
China
Chinese hackers develop effective new hacking technique to go after business networks
An American flag flying outside the US Capitol building against a blue sky
More alleged Chinese intrusions into the US Treasury revealed
Latest in Security
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
person at a computer
Many workers are overconfident at spotting phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Data Breach
Thousands of healthcare records exposed online, including private patient information
Latest in News
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
Nintendo Switch 2
Nintendo Switch 2 expected to have AI upscaling and I can't wait to finally play Tears of the Kingdom with upgraded graphics