{
  "name": "Private Contractor Linked to Multiple Chinese State-Sponsored Groups",
  "slug": "private-contractor-linked-to-multiple-chinese-state-sponsored-groups",
  "description": "A recent leak from I-SOON, a Chinese IT and cybersecurity company, has revealed connections to several state-sponsored cyber groups including RedAlpha, RedHotel, and Poison Carp. The leak exposes a sophisticated espionage network involving the theft of communications data in order to track individuals. Analysis confirms operational and organizational ties between I-SOON and these groups, highlighting I-SOON's role as a digital quartermaster providing shared cyber capabilities in China's aggressive cyber ecosystem. Despite the leak, I-SOON is expected to continue operations with minor adjustments. The revelation enhances understanding of Chinese cyber espionage and may affect future US legal actions against I-SOON operatives.",
  "published": "2025-06-13T17:49:19+00:00",
  "created_at": "2025-06-13T17:49:19+00:00",
  "modified_at": "2025-06-13T18:51:03+00:00",
  "created_at_opencti": "2025-06-13T17:49:19+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-06-13",
    "contractor",
    "i-soon",
    "poison carp",
    "redalpha",
    "redhotel",
    "state-sponsored"
  ],
  "related_entities": {
    "intrusion_sets": [
      {
        "id": "2c823184-da99-48ce-9db5-557249ae2457",
        "name": "I-SOON",
        "slug": "i-soon"
      }
    ],
    "attack_patterns": [
      {
        "id": "9d966bc9-26cc-42dc-a9a7-fce61a440dae",
        "name": "T1596"
      },
      {
        "id": "2969e5a7-1049-4df8-b1ba-8a0675de6b94",
        "name": "T1589"
      },
      {
        "id": "74d5f31c-5e2d-4aed-b8b9-4fabdde76dfa",
        "name": "T1598"
      },
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "China"
      },
      {
        "id": "",
        "name": "United States of America"
      }
    ]
  },
  "external_refs": [
    "https://www.recordedfuture.com/ko/research/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups",
    "https://otx.alienvault.com/pulse/684c80bf12cda0093015c01e"
  ]
}