    Podcast Summary

    • The corporatization of state-sponsored hacking
      Leaks from iSoon, a Chinese state-sponsored hacking-for-hire organization, revealed that it hacked governments and individuals globally, shifting the focus from a clandestine entity to a business operation.

      State-sponsored hacking can be corporatized, turning it into a business operation. This was highlighted in the iSoon data leak, which revealed the inner workings of a Chinese state-sponsored hacking-for-hire organization. Initially, the image of state-sponsored hacking might evoke thoughts of a clandestine, imposing structure. However, as states outsource their cyber operations, they increasingly rely on private sector vendors and consultants. The iSoon leaks provided an unprecedented look into this world, revealing the company's involvement in hacking governments and individuals across the globe, including in Rwanda, Indonesia, Malaysia, Thailand, Vietnam, Cambodia, Nigeria, Mongolia, Myanmar, Taiwan, India, and Kyrgyzstan. This corporatization of state-sponsored hacking shifts the focus from a shadowy, mysterious entity to a more tangible business operation. Mei Danowski, a cybersecurity researcher, was among the first to delve into the iSoon files, and her analysis served as the foundation for much of the subsequent reporting on the topic. As we continue to grapple with the evolving threat landscape of Chinese cyber operations, understanding the corporatization of state-sponsored hacking is crucial.

    • Chinese cybersecurity company iSoon exposed in leaked documents on GitHub
      Documents leaked on GitHub show that iSoon, a Chinese information security company, offered government projects, DDoS attacks, and social media monitoring beyond its stated services.

      iSoon, a Chinese information security company, has been revealed to have provided services beyond what is stated on its website, including involvement in government projects, DDoS attacks, and social media monitoring. The company, headquartered in Shanghai with subsidiaries across China, has been a significant player in China's hacker-for-hire industry, as evidenced by leaked documents on GitHub. These leaks provided a unique insight into the inner workings of iSoon and the Chinese cyber threat landscape, shedding light on the diversity of services offered and their potential role in state-sponsored cyber activities. The leaks served as an invaluable resource for researchers, offering a rare glimpse into the daily operations of a Chinese cybersecurity company.

    • iSoon's proactive role in shaping government contracts
      iSoon's approach to securing government contracts involved late-night drinks and entertainment, regional understanding, and collaboration with competitors.

      iSoon, a Chinese tech company, was involved in providing a range of services to both the government and other companies, including software development, enterprise security, and controversial offerings like DDoS attack software and surveillance services. The leaked communications reveal that iSoon actively courted government officials to secure contracts, engaging in practices like late-night drinks and entertainment to build relationships. This suggests a more proactive role for companies in shaping government contracts than previously understood. The process was complex, requiring understanding of regional officials and competitors, and sometimes involved collaborating with other information companies. iSoon's approach underscores the importance of building relationships and understanding client needs in the competitive tech industry.

    • Chinese hacking groups outsource work to external vendors
      Chinese hacking groups outsource work to external vendors like iSoon and Chengdu 404, creating a decentralized and business-like ecosystem.

      State-sponsored hacking in China may not always involve large, organized operations hidden in big buildings. Instead, some groups may outsource their work to external vendors, creating a more decentralized and business-like ecosystem. For instance, the companies iSoon and Chengdu 404, which have been linked to advanced persistent threat groups, operate in a similar manner to ice cream, with close connections, shared resources, and even social interactions. Despite being indicted in 2020, these companies continued their activities, expanding their businesses and hiring more employees. The leaks do not necessarily indicate the absence of more formal state-sponsored hacking, but they do offer insights into a different aspect of the cyber threat landscape in China.

    • Hacking-for-hire industry and its links to APT 41
      The hacking-for-hire industry involves companies offering hacking services, with APT 41 linked to Chengdu 404. Legality is unclear due to government contracts, raising ethical concerns and emphasizing the need for strong cybersecurity measures.

      The cybersecurity landscape involves a complex ecosystem of companies, some of which offer hacking services for hire. APT 41, a known hacking group, is identified as being linked to Chengdu 404, a company that has been indicted for providing such services. The legality of these activities within China is unclear, as they are often carried out under government contract. This intricate web of businesses and governments raises significant questions about the ethical implications and potential consequences of the hacking-for-hire industry. It also underscores the importance of robust cybersecurity measures and the need for ongoing vigilance against emerging threats. Additionally, this episode was brought to you by Shopify, and organizations like the Center for Internet Security are working to provide resources and collaborate with IT professionals to help businesses navigate the ever-evolving cybersecurity landscape.

    • State-sponsored hacking groups like APT 31 remain a significant threat
      Understanding motivations and objectives of state-sponsored hacking groups is crucial for prevention efforts. Collaboration between public and private sectors is necessary to stay ahead of threat actors and protect against damage.

      State-sponsored hacking groups, such as APT 31, continue to pose a significant threat to various entities around the world, with China being a notable source of these campaigns. These groups are active, persistent, and seemingly unstoppable, as new groups emerge when others are identified and taken down. Understanding the motivations and objectives of these hacking groups is crucial for prevention and mitigation efforts. Despite the limitations of current strategies like naming and shaming, the cybersecurity community continues to explore effective methods for combating this global threat. The scale and complexity of these campaigns require a collaborative effort from both the public and private sectors to stay ahead of the threat actors and protect against potential damage.

    • Protecting Economic Targets from Cyber Espionage
      Identify a company's 'crown jewel' assets and prioritize their protection from cyber threats. Understand the sources of funding for cyber campaigns to determine motivations and intentions.

      While political and cyber aggression in the context of nation competition can be difficult to stop, it's essential to prioritize the protection of economic targets from cyber espionage. By identifying a company's "crown jewel," or most valuable assets, organizations can better defend against potential threats. Moreover, understanding the sources of funding for these campaigns is crucial in determining motivations and intentions. Regarding the specific company discussed, it appears to be a high-stress environment with low pay and a struggling business model. Despite the politically contentious nature of the industry, the company's employees and subsidiaries have faced financial losses for several years. These findings might be surprising, given the common assumption that high-stakes businesses offer substantial financial rewards. However, the research underscores the importance of understanding the realities of these organizations to protect against potential threats.

    Recent Episodes from Hacked

    North Korean IT Scam + TikTok Zero Day + Consumer AI Gets Weird

    We discuss a bunch of stories, including the bizarre tale of how an anonymous business registration company let a massive IT scam unfold in the US, a TikTok zero day, Microsoft recall and Apple Private Cloud Compute, and a home-brew cell tower hack in the UK. NOTE: I (JB) misspeak at about 18 minutes in. I say "US" when we're talking about the UK.
    Hacked, June 16, 2024

    Hotline Hacked Vol. 3

    It's our third call-in episode and we're cooking now. Share your strange tale of technology, true hack, or computer confession at hotlinehacked.com. We discuss accidentally causing internet outages, creating a botnet Pandora's box, and the proud tradition of hacking into stuff to play great songs the man doesn't want you to.
    Hacked, June 02, 2024

    Hotline Hacked Vol. 2

    It's our second call-in show episode. Share your strange tale of technology, true hack, or computer confession at hotlinehacked.com. We discuss hacking e-bike networks, an act of white hat kindness, a 1970s hack from the prairies, and how bots have turned everyone into a commodities trader.

    The iSoon Leaks

    A data leak at a big Chinese security company reveals not just that they're engaged in state-sponsored hacking-for-hire, but just how weirdly corporate a job that actually is. Our conversation with Mei Danowski, security researcher, about her analysis of the iSoon leaks. Check out her excellent Substack, Natto Thoughts: https://nattothoughts.substack.com/

    Gaming Chat Vol. 1

    Bonus Chat Episode. We both love (and make) video games. Thanks to our supporters, alongside our typical two episodes this month, we're excited to drop this bonus episode where we chat about hacking games, making games, and playing games. If you want to support Hacked too, check out hackedpodcast.com to subscribe.

    The Real World

    The story of an online business school and the ex-student warning that it might be a cult. Check out some of our guest Tim Hume's excellent reporting at the links below:
    https://www.vice.com/en/article/pkaw7k/andrew-tate-the-real-world-cult
    https://www.vice.com/en/article/n7emvg/andrew-tate-channels-culled-by-youtube-after-revelations-about-get-rich-quick-cult
    https://www.vice.com/en/article/4a385g/youtube-profited-from-andrew-tate-recruitment-videos-despite-banning-them

    The Pokédex

    A lot of the tech we use today started out as a gizmo in a piece of science fiction. A conversation with Abe Haskins, creator of the DIY Pokédex, about how the sci-fi we love informs the tech we get, and how he hacked together an iconic piece of 90's pop culture. Check out his excellent work at https://www.youtube.com/@abetoday

    Pretend: The Stalker - Part 1

    Two competing stories about a cyberstalking that all comes down to an IP address. Today's episode was a partnership with "Pretend," hosted by Javier Leiva. Pretend is a true crime podcast about con artists. Definitely check it out wherever you get your shows.
    Spotify: https://open.spotify.com/show/2vaCjR7UvlN9aTIzW6kNCo
    Apple: https://podcasts.apple.com/ca/podcast/pretend-a-true-crime-podcast-about-con-artists/id1245307962
