Skip to content

Illustration by iStock, Security Management

Massive Data Leak Reveals Methods and Targets of Chinese Government

Chinese police have opened an investigation looking into to last week’s unauthorized online release of documents revealing Chinese authorities’ methods and tools used to hack and spy on both Chinese and foreign nationals.

The more than 570 documents belonged to I-Soon, a private security contractor linked to China’s top policing agency, the Ministry of Public Security, as well as to other parts of the Chinese government.

Although the files, which were confirmed by two I-Soon employees, do not indicate the use of unique or impactful tools, analysts still consider them “highly significant,” according to the Associated Press. The hundreds of pages included client and employee lists, contracts, marketing presentations, product manuals, and spreadsheets. They also illustrate how Chinese authorities monitored overseas dissidents, hacked other nations, and used social media to promote a pro-Beijing agenda.

The files also include a description of the firm’s services, according to Risky Business Media, including malware, email data collection and analysis, hacking into Outlook accounts, monitoring activity on X, and more.

The documents show the tools also targeted ethnicities and dissidents within regions of China that have had “significant antigovernment protests, such as Hong Kong or the heavily Muslim region of Xinjiang in China’s far west,” according to the AP.

“Experts are poring over the documents, which offer an unusual glimpse inside the intense competition of China’s national security data-gathering industry,” The Washington Post reported. “…China’s model of mixing state support with a profit incentive has created a large network of actors competing to exploit vulnerabilities and grow their businesses.”

Some of the documents indicated I-Soon had accessed data—including from airline, cellular, and government organizations—from at least 20 foreign nations, including Afghanistan, Hong Kong, India, Malaysia, Mongolia, South Korea, Taiwan, Thailand, and Vietnam.

The data gleaned from Chinese hacking campaigns was not included in the leaked documents. However, one of the files indicated that I-Soon had hundreds of gigabytes of information on roads in Taiwan, which, if accurate, could give the Chinese military useful information if it ever invades the island-nation.

Other victims of hacking efforts included accounts on X, formerly known as Twitter, and the contractor was linked to a hacking group called Fishmonger—which was responsible for hacking Hong Kong universities during student protests, and has targeted governments, NGOs, and think tanks in Asia, Central America, Europe, and the United States, the AP reported.  

The files, which were posted to GitHub, also include employee complaints about pay, gambling in the office, and workload, indicating “infighting and dissatisfaction,” according to The Post. The files can still be found on GitHub.

“At one level, this leak does not change anything—it is no secret that China is a prolific cyber espionage actor so it probably will not change people’s views about the country,” Risky Business Media wrote. However, the article added that the United States could use these files to brief other countries about Chinese cyber espionage.