Leaked documents reveal that a Chinese cyber security firm claimed to possess the capability to hack the UK Foreign Office.
The i-Soon data leak comprises information from UK government agencies, think tanks, businesses, and charities.
Additional documents indicate successful hacks of public bodies and businesses in Asia and Europe, but it remains unclear if any were compromised.
The identity of the leaker remains undisclosed.
China’s embassy in the United Kingdom said it was unaware of the leak. It further stated that China “firmly opposes and combats all forms of cyberattacks in accordance with the law.”
According to the Associated Press, Chinese police and i-Soon are reportedly investigating the data dump.
The UK government has been asked for comment by the BBC.
Leak appears genuine
i-Soon is one of many private companies that offer cyber security services to China’s military, police, and security services.
Its Shanghai headquarters, with fewer than 25 employees, manages its operations.
On February 16, a collection of 577 documents and chat logs was leaked on GitHub, an online developer platform.
According to three security researchers who spoke to the BBC, the leak seemed genuine.
The files expose eight years of i-Soon’s work to extract data and gain access to systems in the United Kingdom, France, and several Asian countries, including Taiwan, Pakistan, Malaysia, and Singapore.
In one case, a government organization in southwest China paid approximately $15,000 (£11,900) to gain access to the Vietnamese traffic police’s website.
In another case, software for running a disinformation campaign on X (formerly Twitter) was priced at $100,000 (£79,000).
‘Boss Lu’
In an undated chat log between “Boss Lu” and another unnamed user, the UK Foreign Office is identified as a priority target for i-Soon.
The unnamed participant claims to be aware of a Foreign Office software vulnerability. However, Boss Lu instructs them to focus on another organization because a competing contractor has been awarded the project.
In another chat log, a user sends i-Soon a list of UK targets. The targets include the British Treasury, Chatham House, and Amnesty International.
“We don’t have this to hand, but we can work on it,” says the recipient.
The pair then discuss their client’s prepayment for the unspecified information on the targets.
Other chat logs show that i-Soon employees discussed contracts with Jens Stoltenberg, NATO’s Secretary General.
A rare inside look
The leaks could provide a rare inside look into a “commercially-fueled, high-stakes intelligence operation,” according to Mandiant Intelligence’s chief analyst, John Hultquist.
The data demonstrates how the contractors serve “not only one agency, but multiple agencies at once,” he adds.
According to experts, there could be a variety of reasons for the data leak.
It could be the work of a disgruntled former employee or a foreign intelligence agency, or a malicious leak by a competitor attempting to undermine i-Soon’s public image.
Extensive coverage has focused on the workings of China’s cyber espionage campaign. However, this leak illuminates the unusual manner in which the private sector participates in those campaigns.
According to Dakota Cary, a non-resident fellow at the Atlantic Council’s Global China Hub, the results of Chinese authorities’ investigations are unlikely to be made public.