CyberX9 Research Team have been doing an extensive research into a recent data leak from a Chinese government sponsored cyber attacker group, namely, i-Soon (aka Anxun) who is a private contractor that operates as an Advanced Persistent Threat (APT)-for-hire, servicing China’s Ministry of Public Security (MPS). The data leak is seemingly from an disgruntled staff member of the group.

The vast majority of the leaked internal chats and documents are in Chinese and hence posed a challenge to analyse them but after work of couple of days our Research Team have successfully done their analysis.

Notably, during our analysis we found lots of mentions of India being one of the main targets of the group in the leaked internal documents of i-Soon and their leaked internal chats.

From the leaked documents of the group, it is evident that they’ve been infiltrating the sensitive departments of the Government of India and of some big Indian corporate companies, and that too with very high success.

From the leaked documents, it is evident that the Chinese APT group, have been able to infiltrate and exfiltrate vast quantity of sensitive data including from the Prime Minister’s Office of India, Indian Bureau Of Immigration, Employees' Provident Fund Organisation, Air India, BSNL, Population/Census Data of India, Defence Research and Development Organisation, Apollo Hospitals, and possibly Reliance Industries (RIL).

The expose of the Chinese APT group i-Soon's cyber attacks against India, as unveiled by CyberX9, equips India with critical diplomatic leverage against Chinese cyber aggression in order to expose China’s malicious acts in an attempt to attack the sovereignty of other countries.

‍

Below is a table listing the targets and stolen data. After the table, you will find detailed description attacks carried on each of the target by the Chinese APT group.

‍