Spread the love

Chinese company accused of hacking NATO and foreign governments

Photo: Getty Images Cybersecurity experts say i-Soon infiltrated the systems of a dozen governments and pro-democracy organizations in Hong Kong.

Oliver Hotham – Agence France-Presse and Jing Xuan Teng – Agence France-Presse in Beijing and Shanghai


  • Asia

A Chinese IT contractor was able to infiltrate NATO, foreign governments as well as social media accounts and personal computers, according to analysts who sifted through a major data breach of the company.

Experts from SentinelLabs and Malwarebytes, American cybersecurity companies, say that the incriminated company, i-Soon, infiltrated the systems of a dozen governments and pro-democracy organizations in Hong Kong.

I-Soon presents itself as a company specializing in IT security and has applied for tenders from the Chinese government.

His data was uploaded on February 16 to the GitHub sharing site. They contain chat files, presentations and target lists, according to analysts.

“The leak provides some of the most concrete details made public to date” about China’s alleged spying and reveals its “maturity,” SentinelLabs wrote in a report released Wednesday.

The leaker and his motives are unknown, but it “provides unprecedented insight into the internal operations of a state-affiliated hacking service provider,” according to SentinelLabs.

I-Soon was able to infiltrate ministries in India, Thailand, Vietnam and South Korea, among others, according to another report published Wednesday by Malwarebytes.

Implicated, the company i-Soon did not immediately respond to a request for comment from AFP.


The Chinese Ministry of Foreign Affairs, for its part, affirmed Thursday during a regular press briefing that it “was not aware” of this affair.

“As a matter of principle, China resolutely opposes all forms of cyberattacks and combats them in accordance with the law,” said Mao Ning, a ministry spokeswoman, in response to a question on the subject.

In the leaked documents, AFP found what appear to be lists of ministries in Thailand and the United Kingdom, as well as screenshots of attempts to log into the Facebook account of a person.

Other captures show a heated conversation between an i-Soon employee and a manager about his compensation, as well as a description of software that allows access to Outlook emails from a targeted person.

A document details bounties for hackers, including a payment of $55,000 to break into a ministry in Vietnam.

“As the leaked documents show, third-party companies play an important role in facilitating many of China's cyber attacks,” SentinelLabs believes.

Another screenshot describes a client request to illegally access the computer systems of the Minister of Foreign Affairs, the Prime Minister's Office, the National Intelligence Agency and other ministries from an unnamed country.

Trapped batteries

The experts who dissected the data leak indicate that i-Soon offered to take control of an account on the social network X (formerly Twitter).

The objective put forward by the firm to potential clients was to be able to monitor the activity of a target user and to read their private messages in particular.

In these alleged leaks, i-Soon also explains how its employees can access a person's computer, take control of it remotely, and monitor what they type.

Still according to these documents, i-Soon also offers to hack phone operating systems, including the Apple iPhone, or to illegally extract data via an external battery.

According to leaks, i-Soon applied for tenders from the authorities of the Xinjiang region (northwest China) to carry out hacking operations there in particular.

After several deadly attacks, the authorities have been imposing draconian measures in this region in the name of anti-terrorism for more than a decade.

Western studies, based on interpretations of official Chinese documents, testimonies of alleged victims and statistical extrapolations, accuse the authorities of repression against the Uyghurs, one of the indigenous minorities of Xinjiang.

i-Soon's website was unavailable Thursday, but online records from Tuesday indicate the company is based in Shanghai and has offices in Beijing and several provinces in China, particularly in Sichuan (southwest).

Teilor Stone

By Teilor Stone

Teilor Stone has been a reporter on the news desk since 2013. Before that she wrote about young adolescence and family dynamics for Styles and was the legal affairs correspondent for the Metro desk. Before joining Thesaxon , Teilor Stone worked as a staff writer at the Village Voice and a freelancer for Newsday, The Wall Street Journal, GQ and Mirabella. To get in touch, contact me through my teilor@nizhtimes.com 1-800-268-7116