ISOON

Campaign updated 21 days ago (2024-11-01T03:03:19.213Z)

Download STIX

Preview STIX

The iSoon campaign, a series of related activities with a unified goal, was centered around the Shanghai Anxun Information Technology (Anxun; aka iSOON), a key Chinese InfoSec vendor. This campaign saw a significant leak of information that put the spotlight on China's growing hacking industry. The compromise of iSoon led to the exposure of internal documents, revealing some of the inner workings of the firm. As per the leaked data, iSoon, despite being a relatively small player in the Chinese cybersecurity community, claimed to have breached organizations in over 30 countries using its sophisticated tools. The KEYPLUG malware campaign was linked to iSoon, as shown in Figure 11. Further investigations into this leak could provide insights into the involvement of APT41 or related entities, suggesting a plausible connection between them and the iSoon Leak incident. The compromised company, along with Sichuan Silence Information Technology and a university, are located in Chengdu, Sichuan - a hotspot for China's burgeoning hacking industry. According to threat research firm Natto, at the time of the leak, iSoon operated out of six locations in China and had about 160 employees. However, only about 26 of these employees held a four-year university degree and were involved in sensitive operations. Notably, one complaint from Chinese hackers revealed through the leak was low pay, illustrating the challenging environment within the cybersecurity industry in China. Despite these challenges, private sector companies like iSoon continue to develop valuable tools for state and local authorities.

Description last updated: 2024-11-01T03:03:19.194Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Anxun is a possible alias for ISOON. Anxun Information Technology Co., also known as iSoon, has been identified as a significant threat actor in the realm of cybersecurity. A data leak revealed on February 18, 2024, disclosed the company's strong ties to the Chinese government through various contracts. This leak, which originated from	2
Earth Krahang is a possible alias for ISOON. Earth Krahang is a threat actor, a term used in cybersecurity to describe an entity responsible for malicious activities. This could be an individual, a private company, or even a government organization. In the world of cybersecurity, unique names are often given to these actors to differentiate th	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Government

Malware

Apt

Chinese

Github

Android

Infostealer

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The APT41 Threat Actor is associated with ISOON. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi	Unspecified	2

Source Document References

Information about the ISOON Campaign was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	21 days ago	Sophos Discloses Half Decade of Sustained Chinese Attack
Yori	2 months ago	Uncovering an undetected KeyPlug implant attacking industries in Italy - Yoroi
BankInfoSecurity	2 months ago	China Using Powerful Hacking Firms to Run Its Espionage War
Yori	2 months ago	Uncovering an undetected KeyPlug implant attacking industries in Italy - Yoroi
BankInfoSecurity	3 months ago	Chinese Hacking Firm iSoon Targeted European Networks
CERT-EU	9 months ago	Reported leak of Chinese hacking documents supports experts' warnings about how compromised U.S. could be
DARKReading	5 months ago	Bug Bounty Programs, Hacking Contests Power China's Cyber Offense
BankInfoSecurity	6 months ago	Active Chinese Cyberespionage Campaign Rifling Email Servers
BankInfoSecurity	6 months ago	Unfading Sea Haze APT Targeting South China Sea Governments
BankInfoSecurity	7 months ago	The Global Menace of the Russian Sandworm Hacking Team
BankInfoSecurity	8 months ago	DinodasRAT Backdoor Targeting Linux Machines Worldwide
BankInfoSecurity	8 months ago	iSoon Leak Shows Links to Chinese APT Groups
BankInfoSecurity	8 months ago	Trend Micro Spots Possible iSoon Campaign
DARKReading	8 months ago	Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents
CERT-EU	8 months ago	The reported leak of Chinese hacking documents supports experts' warnings about how compromised the US could be \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	8 months ago	Chinese Cybercrime: Discretion Is the Better Part of Valor
CERT-EU	8 months ago	Discretion Is the Better Part of Valor \| #cybercrime \| #infosec \| National Cyber Security Consulting
BankInfoSecurity	8 months ago	Chinese Cybercrime: Discretion Is the Better Part of Valor
CERT-EU	9 months ago	Anxun and Chinese APT Activity - ReliaQuest
CERT-EU	9 months ago	PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting