A cache of Chinese government documents purportedly exposing the inner workings of China's offensive cyber operations has surfaced on GitHub. According to claims by Azaka Sekai, a Taiwanese threat intelligence researcher, the documents allegedly offer insights into China's sophisticated cyber activities and their use of I-Soon spyware. While various researchers have examined these documents, their authenticity remains unverified at present.
According to Sekai, the leaked documents delve into the intricate details of China's state-sponsored cyber endeavours. They outline the functionalities of offensive software, including the ability to extract sensitive data such as Twitter credentials, conduct real-time monitoring, and even post tweets on behalf of users. The spyware targets both Android and iOS devices, enabling the extraction of a plethora of personal information, including GPS data, contacts, media files, and live audio recordings.
Sekai's analysis of the Mandarin-language documents reportedly uncovers a range of gadgets utilised by attackers, along with espionage tools on Chinese social media platforms like Weibo, Baidu, and WeChat.
Moreover, the documents reportedly contain sensitive information from telecommunications providers, including Beeline and Tele2, operating in Kazakhstan. Notably, a list of victims includes prominent entities such as the Paris Institute of Political Studies (Sciences Po), Apollo Hospitals in India, and governmental bodies from neighbouring countries.
Even more revealing are insights into the compensation of employees involved in spyware development. One researcher expressed astonishment at the purportedly low salaries, stating 'most important of all, a lot of these people are underpaid workers, who would probably be most glad to be doing anything else,' suggesting that such remuneration is inadequate considering the nature of their activities.
As speculation mounts and investigations continue, the authenticity and implications of these leaked documents remain subjects of intense scrutiny within cybersecurity circles.