What do we know about China's global cyber operations?
A tranche of leaked documents offers new insight into Beijing's sprawling mercenary hacking operation
Throughout much of former President Donald Trump's administration, national attention was focused on various allegations, insinuations, and affirmations of massive Russian hacking efforts to penetrate and influence various American cyber targets. For many, it was their first real exposure to the shadowy, clandestine world of cyber warfare that has become a major pillar of geopolitical jockeying. But while Russia and its digital sorties may have grabbed headlines over the past decade or so, a tranche of newly leaked files from Shanghai-based data collection firm iSoon has opened a rare window into China's massive cyber warfare operations. The leak, posted this month to GitHub, not only raises questions about Beijing's sprawling digital capacity but also highlights the intricate network of for-hire hackers China allegedly uses to expand its reach throughout the world — and snoop on its own citizens.
While the exact source of the leak remains unknown for the moment, the nearly 600 documents that make up this breach have been widely verified as legitimate by numerous cybersecurity experts. Although the tranche does not include much in the way of specific data harvested by the Chinese hackers, it does illuminate the otherwise murky contours of who Beijing is watching, and who it's paying to watch.
Based on these new documents, here's what we know about China's global cyber operations.
What did the commentators say?
The leak is an "unprecedented look" inside just one of the many companies the Chinese government contracts with for its "on-demand, mass data-collecting operations," The Washington Post said. It's rare to get "such unfettered access to the inner workings of any intelligence operation," cybersecurity expert John Hultquist said to the paper. While the documents are light on what iSoon uncovered throughout its investigations, they do feature "contracts, marketing presentations, product manuals, and client and employee lists," PBS NewsHour said, adding that in total the leak shows how Chinese intelligence agencies "surveil dissidents overseas, hack other nations and promote pro-Beijing narratives on social media."
The leak exposes an eight-year-long data gathering operation that reached across Asia, including into India, Taiwan, Malaysia, and Hong Kong, and that also involved monitoring "activities of ethnic minorities in China and online gambling companies," said The New York Times.
The leak also highlights the "maturing nature of China's cyber espionage ecosystem," in which "government targeting requirements drive a competitive marketplace" for third-party hackers, information security analysts at Sentinel Labs said. The documents show an "ecosystem of contractors that has links to the Chinese patriotic hacking scene, which developed two decades ago and has since gone legit," Hultquist said in a separate interview with the Times.
In addition to targets and client agencies, the leaked documents also show some of the methodology used by hired hacking firms to conduct their espionage. Beyond unmasking users on social media, breaking into various communications accounts, and covering their investigatory tracks, hackers as described in the documents also utilized "devices disguised as power strips and batteries that can be used to compromise Wi-Fi networks," The Associated Press said.
What next?
The fallout from these leaked documents comes amid heightened tensions between the United States and China. This week FBI Director Chris Wray lashed out at an alleged Chinese effort to plant malware in various pieces of American infrastructure as operating on a "scale greater than we'd seen before."
"It's the tip of the iceberg," Wray added during an appearance at the Munich Security Conference. "One of many such efforts by the Chinese." In October, Wray called Chinese cyber operations the "biggest hacking program in the world by far, bigger than every other major nation combined" in an interview with CBS News.
China, meanwhile, continues to outsource cybersecurity operations to a "large network of actors competing to exploit vulnerabilities and grow their businesses" with lucrative government contracts, said the Post.
Chinese officials are actively investigating the source of the iSoon leak, said AP. While the documents were first discovered by a "Taiwanese threat intel technical analyst who wasn't sure of the source," they could have come from "a disgruntled employee of iSoon, or even one of the characters mentioned in the chats," former FBI Cyber investigator Adam Kozy told SpyTalk.
Rafi Schwartz has worked as a politics writer at The Week since 2022, where he covers elections, Congress and the White House. He was previously a contributing writer with Mic focusing largely on politics, a senior writer with Splinter News, a staff writer for Fusion's news lab, and the managing editor of Heeb Magazine, a Jewish life and culture publication. Rafi's work has appeared in Rolling Stone, GOOD and The Forward, among others.