While I was busy maintaining applications and doing some Linux engineering, data from the Chinese company I-SOON (安洵信息技术有限公司) was leaked on GitHub on 16 February 2024. There are moments where I like my diverse job tasks, but there are moments where I wish I could drop everything and focus on threat intel sprinkled and peppered with my sinology and journalism skills.
Instead, here’s an assorted list of links related to the I-SOON leak. Maybe one day I'll have time to dig into it - on the other hand, stories pass, there will be others. I attempted to only list sources that are in-depth and where I thought the authors had a grasp of Chinese.
The documents have since been deleted; a copy remains on the Wayback Machine.
If you’re short on time, read the analyses by Risky Biz, BushidoToken, NYT and Margin Research.
2023-10-27: Natto Thoughts on I-SOON and Chengdu 404 (APT41)
2024-02-18: Azaka Sekai/Still Mastodon Thread
2024-02-22: Will Thomas (BushidoToken) from Equinix on the impact of the leak
2024-02-22: Brian Krebs’ take
2024-02-23: Unit 42 by Palo Alto links it to previous campaigns
2024-02-24: NYT article by Paul Mozur and others, reproduced on the MCLC website
2024-02-24: Risky Biz editorial
2024-02-28: Natto Thoughts on I-SOON as a company
2024-02-29: Winnona Bernsen for Margin Research with analysis and key findings
2024-03-01: HarfangLab with a longer analysis on I-SOON’s capabilities
2024-03-07: Natto Thoughts on I-SOON’s business
2024-03-08: AP News analyses I-SOON as an infosec company in the Chinese company landscape
2024-03-18: TrendMicro links Earth Krahang campaign to I-SOON
2024-03-20: Recorded Future’s Insikt Group on I-SOON, links to RedAlpha, RedHotel, and Poison Carp
Special mention: Intrusion Truth conducts great OSINT to expose Chinese state-sponsored cyber operatives across several APTs. I’m still waiting for their angle on I-SOON. Here’s a recent ETH paper about them.
Some may wonder: Why no evening-weekend-all-nighters for my own analysis outside of work? You dreamer du.
Image source: “a panda looking like a hacker, wearing a hoodie, sitting in front of a computer”, Nightcafe/Animagine.
Last modified on 2024-03-24