‘Major Chinese hack’ on Foreign Office urgently investigated by UK spies


A major Chinese data leak has revealed apparent evidence of an industrial-scale attempt to hack UK government departments and other Western targets.

The anonymous dump of internal files, purportedly from a Shanghai-based commercial surveillance company, shows a list of targets in Whitehall, including the Foreign Office.

The documents, which are all in Mandarin, are currently being assessed with urgency by UK intelligence agencies, i can reveal.

It is unclear who is behind the leak or the alleged hacking attempts, but if confirmed it would be the latest example of Chinese attempts to infiltrate the UK government.

Sam Dunning, director and founder of UK-China Transparency, told i the leak “appears to be genuine”.

He said: “The leak highlights how the Chinese Communist Party has nourished an industrial hacking ecosystem in China, where cyber privateers compete with one another to hoover up foreign data for the state.”

i has attempted to verify the documents, including identifying and contacting the alleged CEO of the surveillance company, which is called iSOON.

The documents allege iSOON has been contracted as a hacker-for-hire by the Chinese state, attacking high-profile targets such as Nato and the UK’s National Crime Agency.

Established in 2010, iSOON – otherwise known as Axun – claims to provide security consulting, including attack and defence cyberspace strategy. It has provided national training programmes on network security and received commendations from the Chinese Communist Party (CCP) for its contributions.

In 2019 the firm was selected as one of the first units installed by China’s Cyber Security Bureau at the Ministry of Public Security.

The leak shows a list of several UK government departments – including the Cabinet Office, Home Office, and Foreign Office – alongside a question from an unknown client asking whether the Chinese firm can “take it down”.

Apparent iSOON employee chat files in the leak mention planned hacks on UK government agencies, think tanks and charities, such as Chatham House and Human Rights Watch.

The alleged files show hackers found a vulnerability in a Foreign Office system, which had been identified as a priority target. Speaking with a fixer for an unknown client in Chongqing – a city in Sichuan province administered by the Chinese government – an iSOON employee asks: “What did you say was needed from the people interested in the UK? Is the Foreign Office their priority?”

The fixer replies, saying it’s the “first choice” and they will “definitely buy it if we secure it.” The iSOON employee then says they have identified a zero-day vulnerability – a weakness that has been found but is not yet fixed – in the Foreign Office systems and they can have the data in two weeks.

A list of UK targets from the Chinese hack includes Whitehall departments and think tanks.

UK intelligence agencies are currently verifying and analysing the documents. A UK intelligence source told i that several agencies were currently working to translate the leak, check its authenticity, and patch any potential vulnerabilities it exposes in UK infrastructure.

The leak was anonymously posted on GitHub, where it was picked up and shared by Azaka Sekai, a Taiwanese security researcher.

The trove of documents includes presentations from the Chinese firm detailing its intrusive spyware capabilities.

These include social media spying tools for monitoring Chinese dissenters, malware for various platforms including Microsoft Exchange and Apple, and devices disguised as battery packs to infiltrate mobile phones using a shared Wi-Fi connection.

iSOON claims it can target Android and iOS devices to obtain a large amount of information, including GPS data, contacts, media files, and real-time recordings.

The documents also show the tools the firm used to monitor personal information using Chinese social media platforms such as Weibo, Baidu and WeChat. Another file listed “confidential” names, dates of birth, job title, and security classification. The names on the list were all recorded as being Chinese nationals.

One of the ‘battery packs’ hackers allegedly use to remotely infiltrate mobile phones

In an attempt to verify the documents, i ran tests to analyse some of the images included in the leak. One screenshot shows a link used to transfer documents, images or videos using an encrypted and secure platform. Another shows the email address of a professor at Chiang Mai University.

Many of the profile images in the screenshots of conversations are of animals or cartoons, something not uncommon on Chinese social media. Profile images that do feature people’s faces were too low-quality and small to run through a reverse image search – a type of search that detects whether an image has been previously uploaded online.

Attempts by i to contact the owner of the iSOON website via email and Skype have not yet received a response.

Details of iSOON’s capabilities with infiltrating Windows
