
Intel Brief: Leak Reveals Scale of China’s Cyber Espionage Activities

Date: 01/03/2024

Location: Asia-Pacific, Europe.

Who’s involved:

Chinese cybersecurity firm iSOON, AIVD, MIVD, China’s Ministry of Public Security

What happened?

  • On 22/02/2024, documents from Chinese cybersecurity firm iSOON, a company allegedly focused on cyberespionage, were anonymously leaked on GitHub, a platform where programmers share software code. The platform has since removed the documents, but they gave an unprecedented insight into the scale and modus operandi of China’s cyberespionage capabilities and targets.

  • The leaked information included iSOON company information and, more importantly, details on iSOON’s hacking operations, particularly across Asia. Those hacked by iSOON include hospitals in Taiwan and India, universities in Hong Kong, and multiple foreign governments, including India, Thailand, South Korea, Vietnam and, to a lesser extent, members of NATO.

  • The data gathered by iSOON was shared with Chinese government agencies. The Ministry of Public Security (MPS), the Ministry of State Security and the People’s Liberation Army, amongst others, have access to the hacked information.

  • On 06/02/2024, the Dutch military (MIVD) and civilian security (AIVD) services said that the Dutch Ministry of Defense was hacked by Chinese state-sponsored hackers through an internal computer network. Hackers attempted to exploit vulnerabilities in devices linked to FortiGate, a cybersecurity company, to steal unclassified research and development from the Defense network.


  • The leaks from iSOON are notable for demonstrating the scale of the surveillance and the list of targets deemed important to China’s security services. They show how the Chinese MPS and the Ministry of State Security outsource intelligence to ‘private’ commercial vendors. The MPS is China’s internal security service that focuses on surveillance, border security and counter-terrorism, much like MI5 or the Russian FSB. China’s cyber espionage is rapidly developing and is creating a growing demand for “spies for hire”, such as iSOON.

  • The leaks also reiterate the areas of interest for China’s espionage activities. In particular, many of the target organizations were ministries of foreign affairs, security and communication networks based in Asia. The leaked documents named India explicitly as a key target for surveillance and recorded hacks into the government agencies of Kyrgyzstan, Vietnam, Cambodia and Thailand. Attacks were also conducted against non-state entities such as telecommunication firms, medical organizations and academic institutions. The exposure of Chinese cyber espionage likely increases political tension between China and the countries actively monitored, though their response is yet to be seen.

  • The scale of China’s espionage activities in Europe has been acknowledged by the AIVD & MIVD, when they reported that Chinese hackers infiltrated the Dutch military networks in 2023. The iSOON leak, however, highlights that Chinese-government agencies do not shy away from engaging in hacking activities to gain access to sensitive information that may help them achieve political, economic, and potentially military objectives. The iSOON leak therefore supports claims made by the AIVD and the MIVD, and should serve as a warning to other governments and businesses.


The iSOON leak was the first major leak referring to the scale of China’s cyberespionage activities, targets, and modus operandi utilized by China’s surveillance state abroad. The scale of the leak and the targets it reveals across government departments and civil society support claims on the scale of China’s surveillance activities. It clarifies the increase in espionage activities against perceived adversaries. China’s cyberespionage activities are likely to continue and illustrate the need for cybersecurity measures to prevent infiltration, given that this was one company out of thousands of private companies supplying China’s spying operations with sensitive information and personal data. The iSOON leak demonstrates the necessity of awareness concerning (cyber) espionage and the need for updated cyber security in governments, companies and personal accounts.



