Leaked files show Chinese agency involved in hacking efforts in India, Thailand, UK, says report

Post At: Feb 22/2024 04:10PM

Leaked documents from a Chinese state-linked hacking group have revealed attempts at infiltrating targets across at least 20 foreign governments and territories including India, Hong Kong, Thailand, South Korea, the United Kingdom, Taiwan and Malaysia, as per a US media report.

The group appears to have exploited alleged vulnerabilities in companies like Microsoft, Apple and Google, reported The Washington Post on Wednesday.

Over 570 files, images and chat logs related to the hacking attempts came from the Shanghai-based iSoon (also known as Auxun) firm that sells third-party hacking and data-gathering services to Chinese government bureaus, security groups and state-owned enterprises, said the report. The documents were posted to GitHub last week and have been deemed authentic by cybersecurity experts, The Post report said, adding that while the exact source of the leak is unknown, experts have attributed it to either a disgruntled employee or a rival hacking group.

The Post’s analysis of the files found a spreadsheet containing 80 international targets — including a 3-terabyte collection of call logs from South Korean telecom provider LG U Plus — which iSoon is believed to have successfully breached. Telecom firms in Hong Kong, Kazakhstan, Malaysia, Mongolia, Nepal and Taiwan were also among those targeted, as per the report.

India among targets

The report said that 95.2 gigabytes of immigration data from India was also collected.

As The Indian Express reported, the Indian Computer Emergency Response Team (Cert-In) is looking into whether the data in the leaked documents are new or collated from breaches in the past. The documents purportedly contain data from the Employees’ Provident Fund Organisation (EPFO) and of BSNL users, as well as information held by companies including Air India and Reliance.

“Cert-In had carried out a preliminary probe into the claims and it appears that the EPFO data present in the documents is from 2018 when its systems were impacted,” a senior government official told Express.

Clue to China’s plans in Taiwan?

Among the documents on GitHub was a sample spreadsheet of roadmapping data from the neighbouring island of Taiwan, with which China has expressed interest in forced reunification. Such details could aid Beijing if it decides to invade Taiwan, as information on Taipei’s roads, bridges, rails and other infrastructure could help in deciding where and how military forces are deployed and distributed.

The Post said that iSoon clients also requested or obtained infrastructure data. “The spreadsheet showed that the firm had a sample of 459GB of roadmapping data from Taiwan,” said the US newspaper report.

“Understanding the highway terrain and location of bridges and tunnels is essential so you can move armoured forces and infantry around the island in an effort to occupy Taiwan,” national security expert Dmitri Alperovitch told The Post.

As many as 10 government agencies in Thailand were also targeted, said the report. It said that the spreadsheets in the leaked data cache showed that iSoon holds sample data extracted from key Thai agencies, including the foreign ministry, intelligence agency and the senate, during the 2020-22 period.

It added that chat logs included in the leak described selling data related to NATO in 2022, though the contents are unclear. It is also not known whether the agency hacked into systems to collect this data or if it was collated from publicly available sources.

Britain under its radar too

British government agencies like the Home Office, Foreign Office and Treasury were on the list of iSoon’s targets, according to The Post report. British think tanks like Chatham House and the International Institute for Strategic Studies were among the targets as well, it added.

“In the current climate, we, along with many other organisations, are the target of regular attempted attacks from both state and non-state actors,” a Chatham House spokesperson told The Post, adding that though it was concerned by the news, protection measures are in place to ward off such attacks.

The report added that China’s allies like Pakistan and Cambodia too were not left alone.
