I-S00N Leak Enigma
On February 17, 2024, a startling revelation shook the cybersecurity community worldwide when a new repository emerged on GitHub, unleashing a torrent of leaked communications and chat logs from a prominent Chinese company. GitHub, typically known as a platform for collaborative software development, unexpectedly became a conduit for what seemed like a significant data breach. The repository, ominously named I-S00N, appeared to be associated with APT-41 threat actors, signifying a potentially alarming development in the realm of cybersecurity as 2024 unfolds.
The identity behind I-S00N remains shrouded in mystery, raising numerous perplexing questions. Is it the work of a lone hacker or a sophisticated information security company? Why have these data been leaked now, and what do they entail?
Delving into the enigma of I-S00N reveals a company that, despite its recent emergence in the public eye, has a history intertwined with APT groups and the Chinese government. According to information sourced from Crunchbase, I-S00N is described as a provider of information security products, offering safety advice, support, and maintenance of IT operations services based in Chengdu, Sichuan, China. A Series B startup with a reported employee count ranging from 150 to 250 and backed by three main investors, I-S00N's existence predates its sudden exposure on GitHub. NATTO Team, a group closely monitoring cybersecurity developments, previously highlighted I-S00N's connection to a legal dispute involving Chengdu 404, a company allegedly linked to Chinese state hacking operation APT41. This revelation suggests that I-S00N is not a newcomer but rather a player with established ties to APT networks and the Chinese government.
Recent events have further deepened the intrigue surrounding I-S00N. Detailed chats and screenshots from the company's internal communications have surfaced, offering unprecedented insights into its operations. The leaked logs reveal alarming discussions between company executives and employees, implicating corruption and potentially compromising information. Documents numbered 39 to 60 outline purported infiltration efforts by An Xun, targeting overseas government departments spanning India, Thailand, Vietnam, South Korea, NATO, and others. Additional chat logs feature sensitive exchanges between individuals identified as threat actors, discussing access to highly confidential data from government entities such as the Ministry of Foreign Affairs and the Health Bureau. Moreover, discussions between individuals known as "lengmo" and "Shutd0wn" shed light on financial irregularities within the organization, including strategies to manage team leader salaries discreetly.
In a startling turn of events, the leaked communications from I-S00N have revealed damning information regarding Shanghai Anxun, suggesting that their information is unreliable and potentially a trap for national government agencies. Highly confidential chat records between An Xun's first-in-command, Wu Haibo, and second-in-command, Chen Cheng, have come to light, exposing the company's deceptive practices and manipulation of sensitive data. Furthermore, employee information from An Xun has been laid bare, underscoring the extent of the breach and the company's vulnerability to external threats. These revelations point to a broader pattern of deceit by An Xun, including their deception of national security agencies and their susceptibility to financial issues.
As the cybersecurity community grapples with these revelations, critical questions arise. What are the true intentions behind I-S00N's actions? Why are these data being leaked now, and what implications do they hold for cybersecurity globally? Amidst the uncertainty, one thing remains clear: the significance of cybersecurity has never been more pronounced. In an era where data warfare can be as destructive and perilous as traditional conflicts, understanding and addressing cybersecurity threats are imperative. The digital landscape presents an expansive threat surface, where the adversaries are elusive, and the outcomes are unpredictable. In this digital battleground, vigilance and preparedness are paramount to safeguarding against the ever-evolving cyber threats that permeate our interconnected world.
author: cybereagle2001 (Oussama Ben Hadj Dahman)
References: NATTO TEAM article (i-SOON: Another Company in the APT41 Network); I-S00N GitHub repository; I-S00N Twitter translated chats.