I-Soon leak

On 16 February 2024, a series of documents from Chinese information company i-Soon (Chinese: 安洵信息) were leaked on GitHub. The documents showed that the company engaged with several hacking and cyber espionage activities with the Chinese government. After the leak, the Chinese government's role in cyberwarfare and its connection with private Internet companies became the focus of international attention and media investigation.

The Rewards for Justice Program of the U.S. State Department offers US$10 Million for information of i-Soon staff following the leak

Leak and investigation

On 21 February 2024, TeamT5 (Chinese: 杜浦數位安全), a Taiwanese cybersecurity group, found an unknown link and downloaded it, and found it was a leak from a Chinese information company called "i-Soon". The company served as a contractor to the Ministry of State Security, Ministry of Public Security, and People's Liberation Army.^[1] The leaked content includes various contracts, internal meeting records, and cyber attack techniques. It also revealed the company's collaboration with the Chinese government and a hacker group "APT41",^[2] involvement in cyber espionage, and its internal problems.^[3][4][5]

The leaked documents also indicated that i-Soon hacked into government systems, telecommunications companies, and non-governmental organization websites in Asian and European countries to gain access and steal their data. The main targets included India, Hong Kong, Taiwan, South Korea, and Malaysia.^[6][7][8] Some further reports found that their target were extended to the United Kingdom, the Czech Republic, the European Union, and the United States.^[9][10] In addition, the documents showed that i-Soon had deceived the Chinese government and their internal issues, including financial problems, product quality, and low wages and treatments against its employees.^[3][11]

The BBC and the NHK launched their own independent investigation into the documents and concluded that the documents were authentic.^[9][12] The NHK reporters visited the i-Soon office, only to find it was already empty.^[12] The NHK published a documentary of their investigation in September 2024. In the documentary, the NHK found the company had close ties with the Chinese "People's Police". NHK also found that i-Soon had provided a detailed manual for Twitter to manipulate its public opinion. The documentary used Fukushima radioactive water discharge and 2023 Taiwanese anti-Indian migrant worker protest as examples of how China triggers cognitive warfare by spreading misinformation.^[5][12]

In March 2025, the United States Attorney's Office of the Southern District of New York and the District of Columbia prosecuted several persons involved with i-Soon for their malicious activities. The United States Department of Commerce seized the company's domain and VPS. The department also issued a sanction against the company.^[10][13]

Reaction

The Ministry of Foreign Affairs of the People's Republic of China denied the attack, stating that China "opposes and punishes any form of cyber attacks in accordance with the law". Le Monde doubts the ministry's denial and believes it is not convictable since the evidence is quite clear.^[2] Julian Ku, legal scholar of Hofstra University, said hiring private companies to help with national security and cyberattacks is "inexpensive and effective". Chris Balding, an American economist, said the leak was not surprising, despite being quite noticeable.^[14]

See also

• Chinese information operations and information warfare
• Cyberwarfare and China