BEIJING: A Chinese tech security firm was able to breach foreign governments, infiltrate social media accounts and hack personal computers, a massive data leak analysed by experts this week revealed.

The trove of documents from I-Soon, a private company that competed for Chinese government contracts, shows that its hackers compromised more than a dozen governments, according to cybersecurity firms SentinelLabs and Malwarebytes.

I-Soon also breached “democracy organisations” in China’s semi-autonomous city of Hong Kong, universities and the Nato military alliance, SentinelLabs researchers wrote in a blog post on Wednesday.

The leaked data, the contents of which AFP was unable to immediately verify, was posted last week on the online software repository GitHub by an unknown individual.

“The leak provides some of the most concrete details seen publicly to date, revealing the maturing nature of China’s cyber espionage ecosystem,” SentinelLabs analysts said. I-Soon was able to breach government offices in India, Thailand, Vietnam and South Korea, among others, Malwa­rebytes said in a separate post on Wednesday.

I-Soon’s website was not available on Thursday morning, though an internet archive snapshot of the site from Tuesday says it is based in Shanghai, with subsidiaries and offices in Beijing, Sichuan, Jiangsu and Zhejiang. The firm did not reply to a request for comment.

Asked by AFP on Thursday about whether Beijing contracted hackers, China’s foreign ministry said it was “not aware” of the case. “As a principle, China firmly opposes all forms of cyberattacks and cracks down on them in accordance with law,” spokesperson Mao Ning said.

Published in Dawn, February 23rd, 2024