I-Soon

Threat Actor updated 4 months ago (2024-05-04T19:04:41.858Z)
i-SOON, a threat actor believed to be operating out of China, has come into the limelight due to a significant data leak. The leaked documents provide an inside view of i-SOON's operations, revealing its role in executing cyberespionage campaigns on behalf of various Chinese government agencies. This information was made public through candid employee chat conversations and images that were part of the leak. Cybersecurity experts Tom Uren and Catalin Cimpanu have confirmed the authenticity of the leak and the details it contains about i-SOON's clandestine activities. The data leak has prompted an investigation by i-SOON and Chinese police, as they seek to understand how the files were leaked. Two i-SOON employees, who spoke on condition of anonymity due to fear of retribution, informed the Associated Press (AP) about the ongoing probe. Despite the leak, i-SOON's management has assured its staff that business will continue as usual and instructed them to carry on with their work. Prior to this incident, i-SOON had already drawn the attention of cybersecurity researchers after being sued by Chengdu 404, a company from the same city. Chengdu 404 is linked to APT41, a well-known cyber espionage group. The recent visit to i-SOON's office in Chengdu by an AP representative confirmed the reality of the leak, reinforcing concerns about the company's involvement in state-sponsored cyber espionage activities.
Description last updated: 2024-03-09T00:12:19.957Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Earth Lusca | 4 | Earth Lusca, a threat actor identified as being Chinese-speaking, has been active since at least the first half of 2023. The group primarily targets organizations in Southeast Asia, Central Asia, and the Balkans. Recently, it has expanded its arsenal with SprySOCKS Linux malware, a new addition that
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Chinese
Apt
Government
Uk
China
Analyst Notes & Discussion
Associated Malware
ID | Type | Votes | Profile Description
ShadowPad | Unspecified | 2 | ShadowPad is a modular malware that has been utilized by various Chinese threat actors since at least 2017. It's a malicious software designed to infiltrate computer systems, often without the user's knowledge, and can cause significant damage by stealing personal information, disrupting operations,
Associated Threat Actors
ID | Type | Votes | Profile Description
APT41 | Unspecified | 3 | APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in their operations. They are associated with various
Winnti | Unspecified | 3 | The Winnti Group is a sophisticated threat actor that has been active since at least 2007, first identified by Kaspersky in 2013. This collective of Chinese nation-state hackers is known for its advanced cyberespionage capabilities and its unique strategy of targeting legitimate software supply chai
Source Document References
Information about the I-Soon Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Preview | Source Link | Created At | Title