Leaked Files Show the Secret World of China’s Hackers for Hire

The hackers offered a menu of services, at a variety of prices.

A local government in southwest China paid less than $15,000 for access to the private website of traffic police in Vietnam. Software that helped run disinformation campaigns and hack accounts on X cost $100,000. For $278,000 Chinese customers could get a trove of personal information behind social media accounts on platforms like Telegram and Facebook.

The offerings, detailed in leaked documents, were a portion of the hacking tools and data caches sold by a Chinese security firm called I-Soon, one of the hundreds of enterprising companies that support China’s aggressive state-sponsored hacking efforts. The work is part of a campaign to break into the websites of foreign governments and telecommunications firms.

The materials, which were posted to a public website last week, revealed an eight-year effort to target databases and tap communications in South Korea, Taiwan, Hong Kong, Malaysia, India and elsewhere in Asia. The files also showed a campaign to closely monitor the activities of ethnic minorities in China and online gambling companies.

The data included records of apparent correspondence between employees, lists of targets, and material showing off cyberattack tools. Three cybersecurity experts interviewed by The Times said the documents appeared to be authentic.

Taken together, the files offered a rare look inside the secretive world of China’s state-backed hackers for hire. They illustrated how Chinese law enforcement and its premier spy agency, the Ministry of State Security, have reached beyond their own ranks to tap private-sector talent in a hacking campaign that United States officials say has targeted American companies and government agencies.

“We have every reason to believe this is the authentic data of a contractor supporting global and domestic cyberespionage operations out of China,” said John Hultquist, the chief analyst at Google’s Mandiant Intelligence.