An Anonymous Group Leaked Data From Chinese-Linked Spyware Vendor iSoon
An anonymous hacking group has reportedly claimed to have breached and leaked sensitive internal documents of iSoon (also referred to as Anxun), a private industry contractor of the Chinese Ministry of Public Security (MPS).
The hackers claimed to have control over Macau Airlines, Malaysian MoFA, Thailand MoF, Pakistan telecommunications provider Zong, Kazakhstan telecom provider Kcell, and Skytel systems.
iSoon Spyware Features
The complexity of the attack is evident in how diverse the pilfered documents are. The firm built spyware for Android, Windows, and iOS devices. Some of the spyware's features include dumping the email address and phone number of an X (previously known as Twitter) account, real-time monitoring, publishing tweets on the account holder's behalf, and reading private messages (DMs).
Additionally, iSoon made custom RATs (remote access trojans) for Windows x64/x86 with features such as process/service/registry management, remote shell, keylogging, file access logging, obtaining system info, disconnecting remotely, and uninstallation.
According to the source, the leaked documents contain a screenshot of the controller for the Windows version, titled "security system (v3.0.0.3)".
Furthermore, the iOS version is also claimed to support all iOS device versions, with features covering hardware information, GPS data, contacts, media files, and, as an extension, real-time audio recording.
The Sensitive Leak
According to the source, the leaked chat logs provide a comprehensive view of the internal structures of ransomware and of how hackers are making money from hacking government agencies' critical systems, with companies and hired contractors profiting from contracted ransomware attacks.
Furthermore, the Android version can dump messages from all popular Chinese chatting apps: QQ, WeChat, Telegram, and MoMo. Additionally, the Android spyware can elevate to a system app for persistence against internal recovery.
The hacking group revealed the trump card of the Android version of the spyware: a Wi-Fi-capable device used to inject the spyware into targeted devices over Wi-Fi.
The software is revealed to be subtle and can be plugged in directly through the supported networks of 3G and 4G devices to acquire device data including GPS, SMS, contacts, and other internal files.