Leaked Documents Expose China’s Hacking Capabilities, Targets

A massive cache of leaked documents from a Chinese hacking contractor further underscores the global cybersecurity threats posed by China’s communist regime, experts say.
“The I-S00n incident should once again remind everyone that network security is national security. There is a war without gunpowder, and it is happening in cyberspace,” tech expert Chiang Ya-chi told The Epoch Times on Feb. 21.
Ms. Chiang is the president of the Taiwan Law and Technology Association and a professor who specializes in internet technology and intellectual property law at National Taiwan Ocean University.
The leaked documents show that I-S00n is funded by the Chinese Communist Party (CCP), Ms. Chiang said, noting that Beijing uses tools developed by firms such as I-S00n to infiltrate foreign governments and entities.
The analysis highlights some of the I-S00n products revealed by the documents, including what it calls a “Twitter stealer.”
“Features [of the Twitter stealer] include obtaining the user’s Twitter email and phone number, real-time monitoring, reading personal messages, and publishing tweets on the user’s behalf,” the analysis reads.
In one document page, I-S00n boasts that it had studied Twitter’s safety mechanism for years; thus, its product can allegedly bypass security features to target a Twitter user’s account.
The Malwarebytes analysis shows the following product description: “Custom Remote Access Trojans (RATs) for Windows x64/x86: Features include process/service/registry management, remote shell, keylogging, file access logging, obtaining system information, disconnecting remotely, and uninstallation.”
There are iOS and Android versions of the RATs. The iOS model claims to support all iOS device versions without jailbreaking, with features ranging from hardware information to GPS data, contacts, media files, and real-time audio records as an extension, according to the analysis.
I-S00n also has portable devices for “attacking networks from the inside,” it states.
The user lookup databases, which include users’ phone numbers, names, and email addresses, can be correlated with social media accounts, according to the Malwarebytes analysis.
“It shows explicitly how government targeting requirements drive a competitive marketplace of independent contractor hackers-for-hire.”
