Massive leak shows Chinese firm hacked foreign govts, activists

BEIJING - A Chinese tech security firm was able to breach foreign governments, infiltrate social media accounts and hack personal computers, a massive data leak analysed by experts this week revealed.

The trove of documents from I-Soon, a private company that competed for Chinese government contracts, shows that its hackers compromised more than a dozen governments, according to cybersecurity firms SentinelLabs and Malwarebytes.

I-Soon also breached "democracy organisations" in China's semi-autonomous city of Hong Kong, universities and the NATO military alliance, SentinelLabs researchers wrote Wednesday.

The leaked data, the contents of which AFP was unable to immediately verify, was posted last week on the online software repository GitHub by an unknown individual.

"The leak provides some of the most concrete details seen publicly to date, revealing the maturing nature of China's cyber espionage ecosystem," SentinelLabs analysts said.

I-Soon was able to breach government offices in India, Thailand, Vietnam and South Korea, among others, Malwarebytes said in a separate post on Wednesday.

I-Soon's website was not available Thursday morning, though an internet archive snapshot of the site from Tuesday says it is based in Shanghai, with subsidiaries and offices in Beijing, Sichuan, Jiangsu and Zhejiang.

The firm did not reply to a request for comment from AFP.

The leak -- posted online -- contains hundreds of files showing chatlogs, presentations and lists of targets.

AFP found what appeared to be lists of Thai and UK government departments among the leaks, as well as screenshots of attempts to log into an individual's Facebook account.

Other screenshots showed arguments between an employee and a supervisor over salaries, as well as a document describing software aimed at accessing a target's Outlook emails.

"As demonstrated by the leaked documents, third-party contractors play a significant role in facilitating and executing many of China's offensive operations in the cyber domain," SentinelLabs analysts said.

Analysts who examined the files said the company also offered potential clients the ability to break into accounts of individuals on social media platform X -- monitoring their activity, reading their private messages, and sending posts.

It also laid out how the firm's hackers could access and take over a person's computer remotely, allowing them to execute commands and monitor what they type.

Other services included ways to breach Apple's iPhone and other smartphone operating systems, as well as custom hardware -- including a powerbank that can extract data from a device and send it to the hackers.