A leak of internal documents from Chinese hacking contractor iSoon reveals apparent hacking against European institutions and states, a German federal agency says
Details of the inside workings of the previously obscure Chinese hacking-for-hire firm emerged after an unknown person posted on GitHub documents including spreadsheets and chat histories. Security researchers linked the Chinese hack-for-hire contractor to Chinese state hacking groups tracked as RedHotel, RedAlpha and Poison Carp (see: iSoon Leak Shows Links to Chinese APT Groups).
Analysis by the German Federal Office for the Protection of the Constitution says the leak included screenshots that appear to depict file directories of European targets.
Among them is an image of a directory that appears to originate from a French organization listing classified European Union documents that contain the keyword “ZEUS.” The acronym stands for “ZED! For European Union Security” and is a European encryption standard. NATO communications also use ZEUS.
The German agency also uncovered a folder named “Notes of the Secretariat for European Affairs of North Macedonia,” as well as names of several British public offices - such as the U.K. Cabinet, Home Office and Ministry of Justice - listed as potential targets.
Previous analysis by security researchers of the leaked data has focused on iSoon’s activities in South Eastern Asia, mainly in Taiwan, Tibet and Thailand. China expert Dakota Cary earlier told Information Security Media Group the leaked documents indicate that iSoon’s main customer is the Ministry of Public Security. That would mean iSoon mostly receives contracts pegged to domestic security interests that require hacking into Asian organizations.