ISOON

Campaign updated 2 months ago (2024-11-01T03:03:19.213Z)
The iSoon campaign, a series of related activities with a unified goal, centred on Shanghai Anxun Information Technology (Anxun; aka iSOON), a key Chinese InfoSec vendor. The campaign's defining event was a significant leak of the company's internal documents, which put the spotlight on China's growing hacking industry by exposing some of the inner workings of the firm. According to the leaked data, iSoon, despite being a relatively small player in the Chinese cybersecurity community, claimed to have breached organizations in more than 30 countries using its sophisticated tools. The KEYPLUG malware campaign was linked to iSoon, as shown in Figure 11. Further investigation into the leak could clarify the involvement of APT41 or related entities, as the data suggests a plausible connection between them and the iSoon Leak incident. The compromised company, along with Sichuan Silence Information Technology and a university, is located in Chengdu, Sichuan, a hotspot for China's burgeoning hacking industry. According to threat research firm Natto, at the time of the leak iSoon operated out of six locations in China and had about 160 employees, of whom only about 26 held a four-year university degree and were involved in sensitive operations. Notably, one complaint by Chinese hackers revealed through the leak was low pay, illustrating the challenging environment within China's cybersecurity industry. Despite these challenges, private sector companies like iSoon continue to develop valuable tools for state and local authorities.
Description last updated: 2024-11-01T03:03:19.194Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions between vendors are hard to track, so the following are possible overlapping names and profiles that may also be worth reviewing.
Alias | Description | Votes
Anxun | Anxun is a possible alias for ISOON. Anxun Information Technology Co., also known as iSoon, has been identified as a significant threat actor in the realm of cybersecurity. A data leak revealed on February 18, 2024, disclosed the company's strong ties to the Chinese government through various contracts. This leak, which originated from | 2
Earth Krahang | Earth Krahang is a possible alias for ISOON. Earth Krahang is a threat actor, a term used in cybersecurity to describe an entity responsible for malicious activities. This could be an individual, a private company, or even a government organization. In the world of cybersecurity, unique names are often given to these actors to differentiate th | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Government
Malware
Apt
Chinese
Github
Android
Infostealer
Associated Threat Actors
Alias | Description | Association Type | Votes
APT41 | The APT41 Threat Actor is associated with ISOON. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi | Unspecified | 2
Source Document References
Information about the ISOON Campaign was drawn from the document corpus below. This display is limited to 20 results.
Source Link | CreatedAt
BankInfoSecurity | 2 months ago
Yori | 3 months ago
BankInfoSecurity | 3 months ago
Yori | 3 months ago
BankInfoSecurity | 4 months ago
CERT-EU | 10 months ago
DARKReading | 6 months ago
BankInfoSecurity | 7 months ago
BankInfoSecurity | 7 months ago
BankInfoSecurity | 8 months ago
BankInfoSecurity | 9 months ago
BankInfoSecurity | 9 months ago
BankInfoSecurity | 9 months ago
DARKReading | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
BankInfoSecurity | 9 months ago
CERT-EU | 10 months ago
CERT-EU | 10 months ago