Private Contractor Linked to Multiple Chinese State-Sponsored Groups
Essential information
- Published
- 13/06/2025 19:49
- Modified
- 13/06/2025 20:51
- Tags
- 2025-06-13 contractor i-soon poison carp redalpha redhotel state-sponsored
- Related entities
- 1 intrusion sets (apt), 4 techniques (mitre), 2 others
Description
A recent leak from I-SOON, a Chinese IT and cybersecurity company, has revealed connections to several state-sponsored cyber groups including RedAlpha, RedHotel, and Poison Carp. The leak exposes a sophisticated espionage network involving the theft of communications data for individual tracking. Analysis confirms operational and organizational ties between I-SOON and these groups, highlighting I-SOON's role as a digital quartermaster providing shared cyber capabilities in China's aggressive cyber ecosystem. Despite the leak, I-SOON is expected to continue operations with minor adjustments. The revelation enhances understanding of Chinese cyber espionage and may impact future US legal actions against I-SOON operatives.