Discover the shocking revelations from the I-SOON leak on Github: Alleged espionage activities of a Chinese cybersecurity firm exposed. Unearth details on spyware tools, targeted organizations, and the involvement of major Chinese government institutions in this comprehensive blog post.
As an APT group, the company had access to a variety of tools in its arsenal. We found their product offerings very interesting; their functions, and how they were used by the Chinese APT, are listed below.
Key Product Categories
Product Name: Twitter Control System
Purpose: Surveillance, control, and manipulation of conversations on Twitter, likely with a focus on targets outside the country of origin.
Key Features
Potential Applications
Technical Considerations
Ethical Concerns
We found some other interesting tool sets as well
Digital Information Solutions:
Other Products:
Features and Capabilities
A blog from Natto Thoughts revealed the connection between APT 41, a Chinese state-sponsored hacking group, and I-SOON.
Real-life attribution of “I-SOON”
Multiple images in the leak reveal that the company has formed, or was trying to form, contracts with state agencies to supply surveillance information.
Images related to I-SOON's quotation attempts reveal that they were trying to supply surveillance instruments to a government agency in Lhasa (the administrative capital of the Tibet Autonomous Region); this is also mentioned in the chats between “shutdown” and “lengmo”, the higher-ups of I-SOON.
Some notable buyers who purchased surveillance or remote access tools include the Yuxi Public Security Bureau, the Chongqing Institute of Social Issues, UNIT 938 Hubei, and Changting (Xiamen) Network Technology.
Data from Files - e182d867-dc18-43fd-a418-26dcf784242f_*_*.png
According to the leaked data, the company had access to various organizations in multiple countries, listed below:
Hong Kong:
India:
Kazakhstan:
Telecommunications Providers
Other Sources
Malaysia
Government Ministries
Telecommunications
Mongolia
Myanmar
Pakistan
South Korea
Thailand
Other affected countries
The content in the images has been translated into English for better understanding using public tools. Some information may be incorrectly translated. CloudSEK holds no responsibility for disputes arising due to translation errors.
An image reveals information about the data from EPFO India; the text in the image shows that a project was launched to collect this information and that it was shared as a large success. 320 million lines containing names, PF numbers, date of birth, gender, father's or husband's name, UAN, etc. were leaked. The data amounted to 13.3 GB and was current up to July 8, 2021.
Another database, titled UAN_REPOSITORY, was also exfiltrated by the company. This breach contained 180 million records and was 20.8 GB. It was also leaked on July 8, 2021.
An image revealed the various folders the employee had access to. These folders are likely named after the data they contain. Mentions of Peru, Oman, Ethiopia, Australia, Papua New Guinea, Palestine, North Macedonia, Bosnia and Herzegovina, East Timor, Congo, Kazakhstan, Djibouti, Guinea, Cambodia, Romania, South Africa, Nauru and India are found in the image.
A similar image revealing the targeted organizations is also found in the leak.
I-SOON claimed in its brand brochure to be capable of, and proficient at, targeting Indian government agencies.
I-SOON claiming in its brand brochure its ability and proficiency to serve as an APT group, with a focus on India and Tibet.