CyberX9 Research Team have been doing an extensive research into a recent data leak from a Chinese government sponsored cyber attacker group, namely, i-Soon (aka Anxun) who is a private contractor that operates as an Advanced Persistent Threat (APT)-for-hire, servicing China’s Ministry of Public Security (MPS). The data leak is seemingly from an disgruntled staff member of the group.
The vast majority of the leaked internal chats and documents are in Chinese and hence posed a challenge to analyse them but after work of couple of days our Research Team have successfully done their analysis.
Notably, during our analysis we found lots of mentions of India being one of the main targets of the group in the leaked internal documents of i-Soon and their leaked internal chats.
From the leaked documents of the group, it is evident that they’ve been infiltrating the sensitive departments of the Government of India and of some big Indian corporate companies, and that too with very high success.
From the leaked documents, it is evident that the Chinese APT group, have been able to infiltrate and exfiltrate vast quantity of sensitive data including from the Prime Minister’s Office of India, Indian Bureau Of Immigration, Employees' Provident Fund Organisation, Air India, BSNL, Population/Census Data of India, Defence Research and Development Organisation, Apollo Hospitals, and possibly Reliance Industries (RIL).
The expose of the Chinese APT group i-Soon's cyber attacks against India, as unveiled by CyberX9, equips India with critical diplomatic leverage against Chinese cyber aggression in order to expose China’s malicious acts in an attempt to attack the sovereignty of other countries.
Below is a table listing the targets and stolen data. After the table, you will find detailed description attacks carried on each of the target by the Chinese APT group.
>Prime Minister’s Office of India and Indian Employees' Provident Fund Organization
Below is a screenshot from leaked documents mentioning the target and data type and data stolen from the above two organizations.
>Indian Bureau Of Immigration and Apollo Hospitals
Below is a screenshot from leaked documents mentioning the target and data type and data stolen from the above two organizations.
>Indian Employees' Provident Fund Organisation, Air India, Reliance Industries (RIL) and BSNL
Below is a screenshot from leaked documents mentioning the target and data type and data stolen from the above mentioned organizations.
>Defence Research and Development Organisation
Below is a screenshot from leaked documents mentioning the target and data type and data stolen from the above mentioned organization.
The CyberX9 research uncovers a significant cyber threat posed by the Chinese APT group i-Soon, which has successfully infiltrated and extracted vast amounts of sensitive data from critical Indian government bodies and major corporations. These attacks by the Chinese government directly impacts India’s national security, exposes sensitive personal information of millions of Indian citizens and defence personnels, and jeopardizes the operational integrity of affected organizations. The targeted infiltration of high-profile entities such as the Prime Minister's Office, Indian Employees' Provident Fund Organisation, Defence Research and Development Organisation, and major corporations like Air India, BSNL, and possibly Reliance Industries, highlights a systematic attempt to under mine India's sovereignty and economic stability. The attacks’s scope, involving over 95.2GB of data from the Indian Bureau of Immigration alone, underscores the massive scale of this cyberespionage. This incident serves as a wake-up call for India to bolster its cyber defenses and address vulnerabilities within its digital infrastructure.
CyberX9 Research Team have been alerting the Government of India on Chinese cyber threats and will continue to do so in order to protect India from such attacks.
Subscribe to our newsletter to get our upcoming findings in your inbox!
[.c-button-modal]Subscribe now![.c-button-modal]
Press: for any questions relating to this finding, feel free to contact us at press@cyberx9.com
We won't spam you but only send content you'll like and you can unsubscribe anytime.