Chinese hackers offered a range of services at different prices. Leaked documents revealed that a local government in southwest China paid less than $15,000 for access to the private website of traffic police in Vietnam. Other services such as hacking software to run disinformation campaigns and hack accounts on X were available for $100,000, and for $278,000 customers could obtain personal information behind social media accounts on platforms like Telegram and Facebook. I-Soon, a Chinese security firm, sold these hacking tools and data caches as part of an eight-year effort to target databases and tap communications in South Korea, Taiwan, Hong Kong, Malaysia, India, and other Asian countries.
The leaked files, posted to a public website, provided rare insight into China’s state-backed hackers for hire and showed how Chinese law enforcement and spy agencies have reached outside their own ranks to utilize private-sector talent in a hacking campaign that has targeted American companies and government agencies for the past decade. The leak, which revealed data supporting global and domestic cyberespionage operations out of China, illustrated how I-Soon worked for a range of Chinese government entities that sponsor hacking including the Ministry of State Security, the People’s Liberation Army, and China’s national police.
The leak also outlined the work of China’s entrepreneurial hacking contractors, who at times failed to heed Beijing’s diplomatic priorities and upset foreign governments with their tactics. The leak showed that, despite some sophisticated top-down hacks, China’s number of attacks originating online has surged, and has targeted a wide range of information including Ebola vaccines and driverless car technology.
The leaked files also indicated that China’s government itself sought to limit the hacking operations while using nongovernmental entities to go after commercial and official targets. The revelations gained about Chinese attacks are likely to confirm the fears of policymakers in Washington, where officials have issued repeated warnings about such hacks.