A data set was leaked that provides a rare insight into China's methods of conducting hacking operations worldwide. The internal documents show the extent of cooperation between the Chinese cybersecurity company i-Soon and the Chinese government and intelligence services. In four consecutive reports BfV examines the leak in detail and describes the level of industrialization of cyber espionage activities by privately organized companies, who carry out cyber-attacks for state entities.

The leaked documents do not contain any indication of affected entities in Germany, however, the analysis offers an insight into the inner workings of private hacker companies and providers of malicious software and their close ties to the Chinese state. It also lays bare how hacking groups operate and how government agencies leverage them.

The BfV’s evaluation of the leaked data is presented in a total of four reports, which are structured as follows:

• Organization and methods of i-Soon APT units (part 1),
• Connections of i-Soon to the Chinese security apparatus (part 2),
• Affected countries and specific targets of i-Soon (part 3, will be released on August 15),
• Offered products and i-Soon customers (part 4, will be released on August 22).