I-Soon

Threat Actor profile, last updated 2024-09-11T09:17:44.296Z
i-Soon, a private contractor for the Chinese Ministry of Public Security (MPS), has recently been implicated in a large leak of internal documents that surfaced on GitHub. The company, known for initiating and sustaining cyber-espionage campaigns on behalf of various Chinese government agencies, is investigating the leak itself, as are the Chinese police. The leaked material includes candid employee chat logs and images, giving an unprecedented view of the less public side of i-Soon's operations.

The leak, detailed by Tom Uren and Catalin Cimpanu, exposed internal communications in which employees complained about long hours and low pay. One employee reported that, despite the incident, the company held a meeting to reassure staff that the leak would not significantly affect business operations and encouraged them to keep working as usual. The employees who spoke about the leak were kept anonymous because of concerns about retribution.

i-Soon had already attracted the attention of security researchers before this incident: it had been sued by Chengdu 404, a firm from the same city that is linked to the APT41 cyber-espionage group. The authenticity of the leaked data was confirmed after a visit to i-Soon's office in Chengdu, underlining the real-world consequences of the breach.
Description last updated: 2024-09-11T09:17:28.387Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following are possible overlapping names and profiles that may also be worth reviewing.
ID | Votes | Profile Description
Earth Lusca | 4 | Earth Lusca, a threat actor identified as Chinese-speaking, has been active since at least the first half of 2023. The group primarily targets organizations in Southeast Asia, Central Asia, and the Balkans. Recently, it has expanded its arsenal with SprySOCKS Linux malware, a new addition that
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Chinese
Government
APT
Data Leak
UK
China
Associated Malware
ID | Type | Votes | Profile Description
ShadowPad | Unspecified | 2 | ShadowPad is a modular malware that has been used by various Chinese threat actors since at least 2017. It is malicious software designed to infiltrate computer systems, often without the user's knowledge, and can cause significant damage by stealing personal information, disrupting operations,
Associated Threat Actors
ID | Type | Votes | Profile Description
APT41 | Unspecified | 3 | APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in its operations. It is associated with various
Winnti | Unspecified | 3 | The Winnti Group is a sophisticated threat actor that has been active since at least 2007 and was first identified by Kaspersky in 2013. This collective of Chinese nation-state hackers is known for its advanced cyber-espionage capabilities and its unique strategy of targeting legitimate software supply chai