All About I-SOON
A good ol' listicle.

While I was busy maintaining applications and doing some Linux engineering, data from the Chinese company I-SOON (安洵信息技术有限公司) was leaked on GitHub on 16 February 2024. There are moments when I like my diverse job tasks, but there are moments when I wish I could drop everything and focus on threat intel, sprinkled and peppered with my sinology and journalism skills.

Instead, here’s an assorted list of links related to the I-SOON leak. Maybe one day I will have time to dig into it; on the other hand, stories pass, and there will be others. I tried to list only sources that are in-depth and whose authors I thought had a grasp of Chinese.

The documents have since been deleted from GitHub; a copy remains on the Wayback Machine.

If you’re short on time, read the analyses by Risky Biz, BushidoToken, NYT and Margin Research.

2023-10-27: Natto Thoughts on I-SOON and Chengdu 404 (APT41)

2024-02-18: Azaka Sekai/Still Mastodon Thread

2024-02-22: Will Thomas (BushidoToken) from Equinix on the impact of the leak

2024-02-22: Brian Krebs’ take

2024-02-23: Palo Alto Networks’ Unit 42 links the leaked material to previously known campaigns

2024-02-24: NYT article by Paul Mozur and others, reproduced on the MCLC website

2024-02-24: Risky Biz editorial

2024-02-28: Natto Thoughts on I-SOON as a company

2024-02-29: Winnona Bernsen for Margin Research with analysis and key findings

2024-03-01: HarfangLab with a longer analysis on I-SOON’s capabilities

2024-03-07: Natto Thoughts on I-SOON’s business

2024-03-08: AP News on I-SOON’s place in the landscape of Chinese infosec companies

2024-03-18: Trend Micro links the Earth Krahang campaign to I-SOON

2024-03-20: Recorded Future’s Insikt Group on I-SOON, with links to RedAlpha, RedHotel, and Poison Carp

Special mention: Intrusion Truth does great OSINT work exposing Chinese state-sponsored cyber operatives across several APTs. I’m still waiting for their angle on I-SOON. Here’s a recent ETH paper about them.

Some may wonder: why no evening-weekend-all-nighters for my own analysis outside of work? You dreamer, you.

Image source: “a panda looking like a hacker, wearing a hoodie, sitting in front of a computer”, Nightcafe/Animagine.


Last modified on 2024-03-24