Summary: Leaked documents reveal Australia was targeted by Chinese hackers, indicating a sophisticated international hacking operation with ties to the Chinese government.
Key Points:
🔒 Australia was on the targeted list, but specific targets were not mentioned.
🔒 i-Soon often pitched to Chinese government agencies and compromised data was offered for sale.
🔒 Evidence suggests a vast and sophisticated hacking operation with links to the Chinese government.
🔒 Chinese Communist Party uses proxies for hacking activities.
🔒 Australia’s electoral systems were not compromised, but international condemnation was expressed.
🔒 i-Soon has strong working relationships with state-backed hacking groups.
🔒 Australian government called out the unacceptable behavior of targeting democratic institutions.
🔒 Australia will continue to cooperate with international partners to promote responsible state behavior in cyberspace.
🔒 Calls for sanctions on APT31 front group and Chinese nationals involved in the attacks.
——————–
“In the leaked documents, Australia as a country was on the targeted list, but there were no details of specific targets of Australia,” Mei Danowski, a geopolitical intelligence researcher who publishes Natto Thoughts on Substack, told the Financial Review.
“In one chat log, the conversation mentioned they got some new samples related to Australia, but the conversation didn’t say what kinds of samples they were. However, if samples were obtained, that means the targets have been compromised.”
Ms Danowski said the leaked i-Soon documents showed the company often pitched to Chinese government agencies such as the Ministry of Public Security (MPS) or State Security (MSS).
“They often had to proactively make an ‘educated’ guess as to the interests of the MPS or MSS. When they had ‘samples’ – likely compromised data or access – they would show their ‘clients’ and ask if they would like to buy. This was probably the case of Australia which exemplified in the leaked documents,” she said.
“The Australia and China relations have not been doing well in the past several years. China is definitely interested in putting themselves on the upper hand for the situation through cyber means.”
The nature of the targets and claimed victims of i-Soon since 2013 indicates the firm was heavily focused on government targets.
The material claims the firm breached agencies such as Britain’s Home Office and National Crime Agency, India’s Ministry of Foreign Affairs, Home Affairs and Defence, the Thai Prime Minister’s Office, Vietnam’s Supreme Court, South Africa Special Forces and dozens more.
Sophisticated operation
“It is unclear what Australian targets were hacked, but the evidence points to at least the intent to hack targets in Australia for their clients,” Internet 2.0 co-chief executive David Robinson said.
“The number of victims and data on file suggest a vast and sophisticated international hacking operation with strong commercial links to the Chinese government.”
Opposition home affairs spokesman James Paterson said it was common for the Chinese Communist Party to use proxies, including front groups and commercial entities, to engage in hacking for hire against targets, including of strategic value.
“This makes it no less serious, and in some ways worse. It is not the act of a responsible actor to effectively fund and subsidise criminal activities,” he said.
“It is very concerning to learn from the i-Soon leak that Advanced Persistent Threat [APT] actors backed by the Chinese government appear to have targeted Australia for the purposes of espionage.”
On Tuesday, the Albanese government said Australia’s electoral systems had not been compromised by the hackers who targeted the UK, while joining in the international condemnation.
China state-affiliated hacking group APT31 was called out as “almost certainly responsible” for targeting the emails of UK parliamentarians.
McGrathNicol partner Blare Sutton, who leads the firm’s cyber practice in Melbourne, said the i-Soon leak appeared to detail links between the group and a range of APT organisations in China.
“The difference between them is i-Soon seems to be a registered company in China that actually develops a lot of software tools,” Mr Sutton said.
He said chat logs in the leaks showed i-Soon employees messaging members of APT groups who were using its products for hacking, and there seemed to be a “strong working relationship” between i-Soon and different state-backed hacking groups.
“It looks like they’ve got information that they can provide to the different APT groups on how to set up their tools in different environments,” Mr Sutton said.
The Australian government stopped short of imposing sanctions on the Chinese figures involved in targeting the UK, sparking opposition concern it was going soft on Beijing following the stabilisation of bilateral ties.
‘Behaviour unacceptable’
“The persistent targeting of democratic institutions and processes has implications for democratic and open societies like Australia. This behaviour is unacceptable and must stop,” Foreign Minister Penny Wong and Cyber Security Minister Clare O’Neil said.
“Australia will continue to co-operate with our international partners to promote international law and the agreed framework of responsible state behaviour in cyberspace and call out states if they act contrary to these international obligations and expectations.”
When Australia imposed financial sanctions and travel bans on a Russian national as the mastermind behind the 2022 ransomware attack on health fund Medibank, the US and UK also imposed sanctions.
Mr Paterson called on the government to explain whether it would sanction APT31 front group Wuhan XRZ and two Chinese nationals accused of being involved in the attacks, Ni Gaobin and Zhao Guangzong.
“Certainly, the US and UK showed solidarity with us and augmented the power of our sanctions by adding their weight to it,” Senator Paterson said.
“As a matter of principle I think we should do the same to support our allies, and it is up to the government to explain if it thinks the bilateral relationship [with China] is more important than defending our national interests.”