GitHub leak exposes Chinese offensive cyber operations



Recently, an unidentified group purportedly leaked a collection of Chinese government documents on the GitHub platform. The disclosed documents, according to Taiwanese threat intelligence researcher Azaka Sekai, shed light on China’s offensive cyber operations, revealing the utilization of spyware developed by I-Soon.

While various analysts have scrutinized the alleged leaked documents, their authenticity remains unconfirmed as of the time of this writing.

Efforts were made to contact I-Soon for a response, but no reply was received prior to the publication of this article.

Azaka Sekai asserts that the leaked documents offer a detailed glimpse into the inner workings of China’s state-sponsored cyber activities. Notably, certain offensive software is reported to have specific functionalities enabling the acquisition of users’ Twitter email and phone numbers, real-time monitoring, tweeting on their behalf, and reading direct messages.

According to the purported documentation, attackers can target both Android and iOS devices, extracting a plethora of sensitive information, including hardware details, GPS data, contacts, media files, and live audio recordings.

The alleged documents outline various devices that attackers can employ for espionage, including WiFi-capable devices capable of infiltrating targeted Android phones via a WiFi signal. Externally, these devices purportedly resemble portable batteries from a well-known Chinese manufacturer.

Azaka Sekai’s analysis of the Mandarin-written documents delves into different types of gadgets supposedly used by attackers, along with tools designed for surveillance on individuals through Chinese social media platforms like Weibo, Baidu, and WeChat.

A purported list has also surfaced, claiming to contain the names of countries affected by the spyware. According to this list, terabytes of information have been gathered from Pakistan, Nepal, Turkey, Kazakhstan, Kyrgyzstan, Malaysia, Mongolia, India, Egypt, France, Cambodia, Rwanda, Nigeria, Hong Kong, Indonesia, Vietnam, Burma, the Philippines, and Afghanistan. The victims’ roster includes TÜBİTAK, the Scientific and Technological Research Council of Turkey.

Furthermore, the leaked documents provide insights into the earnings of employees involved in spyware development. “Excluding C-level executives, the average after-tax salary is 7,600 RMB, approximately 1,000 USD. This remuneration is considered abysmal given the nature of their alleged activities,” commented one researcher.

Other news

Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware

UNC4990, a threat actor in Italy, uses weaponized USB devices to infect various sectors since late 2020. They deploy the EMPTYSPACE downloader via USB and third-party websites, with unclear motives, possibly involving cryptocurrency mining. The infection starts with a victim opening a malicious LNK shortcut file. Yoroi identified four EMPTYSPACE variants, including the QUIETBOARD backdoor.

Read More

Google’s New Tracking Protection in Chrome Blocks Third-Party Cookies

On Thursday, Google unveiled plans to initiate trials of a new feature named “Tracking Protection” beginning January 4, 2024, involving 1% of Chrome users. This move is part of Google’s broader initiative to phase out third-party cookies within the web browser

Read More