What do we know about China's global cyber operations?
A tranche of leaked documents offers new insight into Beijing's sprawling mercenary hacking operation
Throughout much of former President Donald Trump's administration, national attention was focused on various allegations, insinuations, and affirmations of massive Russian hacking efforts to penetrate and influence various American cyber targets. For many, it was their first real exposure to the shadowy, clandestine world of cyber warfare that has become a major pillar of geopolitical jockeying. But while Russia and its digital sorties may have grabbed headlines over the past decade or so, a tranche of newly leaked files from Shanghai-based data collection firm iSoon has opened a rare window into China's massive cyber warfare operations. The leak, posted this month to GitHub, not only raises questions about Beijing's sprawling digital capacity but also highlights the intricate network of for-hire hackers China allegedly uses to expand its reach throughout the world — and snoop on its own citizens.
While the exact source of the leak remains unknown for now, the nearly 600 documents that comprise this breach have been widely verified as legitimate by numerous cybersecurity experts. Although the tranche does not include much in the way of specific data harvested by the Chinese hackers, it does illuminate the otherwise murky contours of who Beijing is watching, and who it's paying to watch.
Based on these new documents, here's what we know about China's global cyber operations.
What did the commentators say?
The leak is an "unprecedented look" inside just one of the many companies the Chinese government contracts with for its "on-demand, mass data-collecting operations," The Washington Post said. It's rare to get "such unfettered access to the inner workings of any intelligence operation," cybersecurity expert John Hultquist said to the paper. While the documents are light on what iSoon uncovered throughout its investigations, they do feature "contracts, marketing presentations, product manuals, and client and employee lists," PBS News Hour said, adding that in total the leak shows how Chinese intelligence agencies "surveil dissidents overseas, hack other nations and promote pro-Beijing narratives on social media."
The leak exposes an eight-year-long data gathering operation that reached across Asia, including into India, Taiwan, Malaysia, and Hong Kong, as well as monitoring "activities of ethnic minorities in China and online gambling companies," said The New York Times.
The leak also highlights the "maturing nature of China's cyber espionage ecosystem," in which "government targeting requirements drive a competitive marketplace" for third-party hackers, information security analysts at Sentinel Labs said. The documents show an "ecosystem of contractors that has links to the Chinese patriotic hacking scene, which developed two decades ago and has since gone legit," Hultquist said in a separate interview with the Times.
In addition to targets and client agencies, the leaked documents also show some of the methodology used by hired hacking firms to conduct their espionage. Beyond unmasking users on social media, breaking into various communications accounts, and covering their investigatory tracks, hackers as described in the documents also utilized "devices disguised as power strips and batteries that can be used to compromise Wi-Fi networks," The Associated Press said.
What next?
The fallout from these leaked documents comes amid heightened tensions between the United States and China. This week FBI Director Chris Wray lashed out at an alleged Chinese effort to plant malware in various pieces of American infrastructure as operating on a "scale greater than we'd seen before."
"It's the tip of the iceberg," Wray added during an appearance at the Munich Security Conference. "One of many such efforts by the Chinese." In October, Wray called Chinese cyber operations the "biggest hacking program in the world by far, bigger than every other major nation combined" in an interview with CBS News.
China, meanwhile, continues to outsource cybersecurity operations to a "large network of actors competing to exploit vulnerabilities and grow their businesses" with lucrative government contracts, said the Post.
Chinese officials are actively investigating the source of the iSoon leak, said AP. While the documents were first discovered by a "Taiwanese threat intel technical analyst who wasn't sure of the source," they could have come from "a disgruntled employee of iSoon, or even one of the characters mentioned in the chats," former FBI Cyber investigator Adam Kozy told SpyTalk.
Rafi Schwartz has worked as a politics writer at The Week since 2022, where he covers elections, Congress and the White House. He was previously a contributing writer with Mic focusing largely on politics, a senior writer with Splinter News, a staff writer for Fusion's news lab, and the managing editor of Heeb Magazine, a Jewish life and culture publication. Rafi's work has appeared in Rolling Stone, GOOD and The Forward, among others.