The Alleged Hacking of the UK’s Foreign Office by Chinese Cyber Security Firm i-Soon: A Closer Look at the Leaked Documents
The recent leak of documents from Chinese cyber security firm i-Soon has raised alarming concerns about the potential breach of the UK’s Foreign Office and other government agencies, think tanks, businesses, and charities. The collection of 577 documents and chat logs, which were leaked on GitHub on 16 February, reveals eight years of i-Soon’s work to extract data and gain access to systems in the UK, France, and several Asian countries, including Taiwan, Pakistan, Malaysia, and Singapore.
The authenticity of the leaked documents has been confirmed by three security researchers, and they potentially offer a rare inside look into a commercially-fuelled, high-stakes intelligence operation. The data shows how the contractors serve not only one agency but multiple agencies at once.
The leaks suggest that the UK Foreign Office was a priority target for i-Soon, with one undated chat log between “Boss Lu” and another unnamed user revealing that they had access to a Foreign Office software vulnerability. However, Boss Lu then advised focusing on another organization because a rival contractor had been awarded the work.
In another chat log, a user sent a list of UK targets to i-Soon, which included the British Treasury, Chatham House, and Amnesty International. The pair then discussed prepayment from their client for the unspecified information on the targets. Other chat logs show that i-Soon staff discussed contracts involving Jens Stoltenberg, NATO’s secretary-general.
The workings of China’s cyber espionage campaign have been reported on extensively, but this leak sheds light on the unusual way in which the private sector is involved in those campaigns. It is unlikely that the outcome of investigations by the Chinese authorities will ever be made public.
Experts suggest that there could be many motives behind the data leak, including a disgruntled former employee, a foreign intelligence agency, or a malicious leak by a competitor to undermine i-Soon’s public credibility. The documents reveal that i-Soon is one of many private companies that provide cybersecurity services for China’s military, police, and security services. It employs fewer than 25 staff at its Shanghai headquarters.
The collection of documents and chat logs also hints at successful hacks of public bodies and businesses across Asia and Europe, but it is not yet clear if any were compromised. The identity of the leaker is unknown, and the Chinese embassy in the UK has stated that it was unaware of the leak and that China firmly opposes and combats all forms of cyberattacks in accordance with the law.
The documents reveal that i-Soon charged around $15,000 (£11,900) to access the Vietnamese traffic police’s website and $100,000 (£79,000) for software to run a disinformation campaign on X, formerly Twitter. The leaks potentially offer a rare inside look into the world of cyber espionage and the role of private companies in these operations.
The BBC has approached the UK government for comment, but no statement has been issued as of yet. The leak comes at a time when tensions between China and the UK are high, with the UK government expressing concerns over China’s actions in Hong Kong and Xinjiang. The alleged hacking of the Foreign Office could further strain relations between the two countries.
The leak also raises questions about the security of government agencies and businesses in the UK and other countries and the role of private companies in cybersecurity operations. It is essential that governments and organizations take steps to protect their systems and data from cyberattacks and work to prevent such breaches in the future.
In conclusion, the leak of documents from Chinese cybersecurity firm i-Soon reveals alarming allegations of the hacking of the UK’s Foreign Office and other government agencies, think tanks, businesses, and charities. The authenticity of the leaked documents has been confirmed, and they potentially offer a rare inside look into a commercially-fuelled, high-stakes intelligence operation. The documents raise concerns about the security of government agencies and businesses in the UK and other countries and the role of private companies in cybersecurity operations. It is essential that governments and organizations take steps to protect their systems and data from cyberattacks and work to prevent such breaches in the future.
The investigation into the leak is ongoing, and it remains to be seen what the outcome will be. The Chinese authorities have stated that they oppose and combat all forms of cyberattacks in accordance with the law, but the authenticity and implications of the leaked documents are significant. The alleged hacking of the Foreign Office could further strain relations between China and the UK and raise questions about the security of government agencies and businesses in the UK and other countries. It is a reminder of the importance of cybersecurity and the need for vigilance in the face of potential threats.