March 27, 2024
A Chinese cybersecurity company with links to the Communist Party government used its guns-for-hire hacking operation to target Australia, leaked documents reveal.
The revelation regarding the company, i-Soon, came as the Albanese government joined international condemnation of another state-affiliated hacking group in China that targeted British politicians and compromised Britain's Electoral Commission.
The UK attacks are not a one-off, with hundreds of Chinese companies suspected of supporting the regime's hacking exploits. I-Soon's role came to light last month in leaked documents first published by developer platform GitHub.
They offer insights into the day-to-day operations of i-Soon. The company presents as an IT training security company, but, according to the leak, facilitates Chinese government-backed cyberattack and espionage campaigns with targets around the world. The leaked data includes internal company communications, sales material and product manuals.
According to translations of screenshots included in the leak, seen by The Australian Financial Review, Australia is mentioned twice. One screenshot shows a projects folder and, within that, a folder labelled "Australia". But because the leak is a screenshot, the folder cannot be opened to see what details are inside.
"In the leaked documents, Australia as a country was on the targeted list, but there were no details of specific targets of Australia," Mei Danowski, a geopolitical intelligence researcher who publishes Natto Thoughts on Substack, told the Financial Review.
"In one chat log, the conversation mentioned they got some new samples related to Australia, but the conversation didn't say what kinds of samples they were. However, if samples were obtained, that means the targets have been compromised."
Ms Danowski said the leaked i-Soon documents showed the company often pitched to Chinese government agencies such as the Ministry of Public Security (MPS) or State Security (MSS).
"They often had to proactively make an 'educated' guess as to the interests of the MPS or MSS. When they had 'samples' - likely compromised data or access - they would show their 'clients' and ask if they would like to buy. This was probably the case of Australia which exemplified in the leaked documents," she said.
The nature of the targets and claimed victims of i-Soon since 2013 indicates the firm was heavily focused on government targets.
The material claims the firm breached agencies such as Britain's Home Office and National Crime Agency, India's Ministry of Foreign Affairs, Home Affairs and Defence, the Thai Prime Minister's Office, Vietnam's Supreme Court, South Africa Special Forces and dozens more.
"It is unclear what Australian targets were hacked, but the evidence points to at least the intent to hack targets in Australia for their clients," Internet 2.0 co-chief executive David Robinson said.
"The number of victims and data on file suggest a vast and sophisticated international hacking operation with strong commercial links to the Chinese government."
Opposition home affairs spokesman James Paterson said it was common for the Chinese Communist Party to use proxies, including front groups and commercial entities, to engage in hacking for hire against targets, including of strategic value.
"This makes it no less serious, and in some ways worse. It is not the act of a responsible actor to effectively fund and subsidise criminal activities," he said.
"It is very concerning to learn from the i-Soon leak that Advanced Persistent Threat [APT] actors backed by the Chinese government appear to have targeted Australia for the purposes of espionage."
Yesterday, the Albanese government said Australia's electoral systems had not been compromised by the hackers who targeted the UK, while joining in the international condemnation.