Leak Reveals ‘First-Of-Its-Kind’ Look At Hackers For Hire In China: Researchers

The SentinelOne threat researchers wrote in a post that the I-Soon leak reveals ‘the maturing nature of China’s cyber espionage ecosystem.’

The leak of documents from China-based security firm I-Soon is providing previously unavailable insights into the world of “hacking-for-hire” in the country, according to threat researchers from SentinelOne.

The cache of documents, posted online last week, “provides a first-of-its-kind look at the internal operations of a state-affiliated hacking contractor,” wrote Dakota Cary and Aleksandar Milenkoski, researchers at cybersecurity vendor SentinelOne.

The New York Times reported Thursday that multiple cybersecurity experts have attested to the documents’ authenticity.

Key revelations in the documents include details on the ways in which the Chinese government’s Ministry of State Security is backing private-sector hacker operations, which are believed by U.S. officials to have targeted companies and governments in the U.S., according to the Times report.

In a blog post, the SentinelOne threat researchers said the leak provides “some of the most concrete details seen publicly to date, revealing the maturing nature of China’s cyber espionage ecosystem.”

“It shows explicitly how government targeting requirements drive a competitive marketplace of independent contractor hackers-for-hire,” the researchers wrote.

For the threat intelligence community, the leaked documents offer an opportunity to reconsider some of their past attributions for major cyberattacks, according to the SentinelOne researchers.

Threat intelligence analysts should also be able to “gain a deeper understanding of the complex Chinese threat landscape,” which should prove critical for keeping pace with threats deriving from China and bolstering cyber defense strategies, the researchers wrote.

Ultimately, as shown in the leaked documents, “third-party contractors play a significant role in facilitating and executing many of China’s offensive operations in the cyber domain,” the SentinelOne researchers wrote.

The incident offers a general lesson for businesses, as well, given the likelihood that the documents were leaked by disaffected I-Soon employees: “Your organization’s threat model likely includes underpaid technical experts making a fraction of the value they may pilfer from your organization,” the researchers wrote. “This should be a wakeup call and a call to action.”