A cache of documents from a Chinese security firm working for Chinese government agencies showed an extensive effort to hack many foreign governments and telecommunications firms, particularly in Asia, as well as targets of the country’s domestic surveillance apparatus.
The documents, which were posted to a public website last week, revealed an eight-year effort to target databases and tap communications in South Korea, Taiwan, Hong Kong, Malaysia, India and elsewhere in Asia. The files also revealed a campaign to monitor closely the activities of ethnic minorities in China and online gambling companies.
The files included records of apparent correspondence between employees as well as lists of targets and materials that showed off cyberattack tools. The documents came from I-Soon, a Shanghai company with offices in Chengdu. Three cybersecurity experts interviewed by The Times said the documents appeared to be authentic.
Taken together, the leaked files offered a look inside the secretive world of China’s state-backed hackers for hire. They underscored how Chinese law enforcement and its premier spy agency, the Ministry of State Security, have reached beyond their own ranks to tap private-sector talent in a global hacking campaign that United States officials say has targeted American infrastructure and government.
“We have every reason to believe this is the authentic data of a contractor supporting global and domestic cyber espionage operations out of China,” said John Hultquist, the chief analyst at Google’s Mandiant Intelligence.
Mr. Hultquist said that the data showed that I-Soon was working for a range of Chinese government entities that sponsor hacking, including the Ministry of State Security, the People’s Liberation Army, and China’s national police.
