Leaked Documents Reveal Beijing’s Big Business of Hacking


Welcome to this week’s Intelligence Brief… on Thursday, the existence of newly leaked documents revealing the Chinese government’s use of hacking for hire made headlines, offering new insights into Beijing’s ongoing espionage efforts. In our analysis, we’ll look at 1) China’s booming business of hacking, 2) I-Soon, the company offering the hacking resources behind the efforts, and 3) the known extent of China’s cyber espionage operations based on current information.

Quote of the Week

“This represents the most significant leak of data linked to a company suspected of providing cyberespionage and targeted intrusion services for the Chinese security services.”

– Jonathan Condra, cybersecurity expert

Latest News: In recent coverage from The Debrief, we look at DARPA’s new REMA program, which could transform commercial and military drones into autonomous killing machines. Elsewhere, the Naval Research Lab says it has discovered waveguides based on 2D materials with “exotic” properties. Links to all our recent stories cand be found at the end of this week’s newsletter. 

Podcasts: In podcasts from The Debrief, on The Micah Hanks Program, we dive into claims about past U.S. presidents and their involvement with aerial mysteries. Over on The Debrief Weekly Report, Kenna and Stephanie explore Saturn’s “Death Star” moon and recent findings that could hint at what lurks beneath its dark surface. You can subscribe to all of The Debrief’s podcasts on our Podcasts Page.

Video News: In the latest installment of Rebelliously Curious, Chrissy Newton is joined by Jeffrey Kripal, Ph.D., for a discussion on various intersections of UAP, theology, and science. You can check out this interview, and other great content from The Debrief, on our official YouTube Channel.

Now, it’s time to look at the recent revelations about Beijing’s hacking operations, as revealed in a newly leaked trove of documents that recently surfaced online.

Beijing’s Booming Hacking Business

This morning, the extent of the Chinese government’s reliance on hackers was unveiled, following the leak of a series of documents that showcased an industry built around efforts by hacking groups to bid for what amounts to government contracts.

The revelations were made as part of a pair of releases by The New York Times and the Washington Post Thursday morning, each of which exposed details on the hacking operations.


Based on the leaked documents, military and intelligence groups in China have enacted “large-scale, systematic cyber intrusions against foreign governments, companies and infrastructure,” according to the Washington Post, which has exploited purported vulnerabilities in the software offered by several of the world’s leading providers, including Google, Microsoft, and Apple.

I-Soon: Hacking Tools and Data for Sale

At the heart of the controversy is the Chinese security firm I-Soon, which is alleged to have sold hacking tools and data that supported Beijing’s state-sponsored hacking efforts.

Examples cited by The New York Times included a $15,000 price tag that allowed a local government in southwestern China to access private traffic policing data from Vietnam, as well as $100,000 “that helped run disinformation campaigns and hack accounts on X” and a hefty $278,000 that allowed Chinese customers to access “a trove of personal information behind social media accounts on platforms like Telegram and Facebook.”

The eight-year hacking campaign also targeted the technological infrastructure and communication systems of targets in several other Asian countries, in addition to its use in monitoring ethnic minorities in China.

The documents, widely believed to be authentic, shed new light on the burgeoning private industry of cyberespionage in China, and their ties to the country’s Ministry of State Security and the People’s Liberation Army.


The batch of documents, which according to the Times appeared on a public website last week, apparently detail that I-Soon marketed its hacking capabilities to various government agencies in China, offering capabilities primarily described as being for anti-terrorism and surveillance.

Hacking techniques for gaining access to smartphone data, email accounts, and a range of other capabilities for use in military operations were also detailed.

The Extent of China’s Hacking Operations

Building on existing reports from recent months that divulged China’s hacking intrusions, the new documents appear to reveal that China has skirted efforts by the U.S. and its allies to curb its hacking operations. Not only that, but China appears to have now taken a few pages out of the playbook of countries like Russia and Iran, now going beyond just espionage and, in some instances, employing malware to damage or gain unauthorized access to critical infrastructure in America, resulting in a surge of hacking incidents that have hit a variety of targets.

Also of particular concern in the leaks had been a spreadsheet that contained “a sample of 459GB of road-mapping data from Taiwan, the island of 23 million that China claims as its territory,” data which would provide recent data to the country if a future invasion of the country.

However, since the hacking and espionage efforts are often managed by provincial-level state security offices, there is also some evidence of situations where some of the hacking efforts have backfired to a degree, and sometimes may have led to conflicts with diplomatic priorities.

Presently, the Chinese government has not acknowledged the leaks, which paint a concerning picture of its use of hacking in relation to the current state of online global security. Last weekend, FBI director Christopher Wray said during a visit to Munich that hacking efforts directed against the U.S. and its allies have reached a “scale greater than we’d seen before,” placing them among the most significant threats to national security that presently exist.

“Taken together, the files offered a rare look inside the secretive world of China’s state-backed hackers for hire,” the Times reported. Although the newest revelations warrant concern, they aren’t entirely unexpected, and the leaked information also potentially offers data that cybersecurity experts can leverage in defending against potential methods Chinese hacking efforts may employ to exploit vulnerabilities.

That concludes this week’s installment of The Intelligence Brief. You can read past editions of The Intelligence Brief at our website, or if you found this installment online, don’t forget to subscribe and get future email editions from us here. Also, if you have a tip or other information you’d like to send along directly to me, you can email me at micah [@] thedebrief [dot] org, or Tweet at me @MicahHanks.

Here are the top stories we’re covering right now…