Recorded Future publishes a 24-page report on i-SOON and their connections to offensive cyberespionage operations attributed to RedHotel, RedAlpha and POISON CARP. The links indicate that they are likely sub-teams focused on specific missions within the same company. i-SOON's victims span 22 countries, with government, telco and education being the most targeted sectors. i-SOON also supports domestic including the targeting of ethnic and religious minorities and the online gambling industry. i-SOON very likely uses and sells access to custom malware families like Winnti and ShadowPad. IOC provided. 🔗 https://www.recordedfuture.com/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups

#ISOON #cyberespionage #China #APT #threatintel #IOC #redhotel #redalpha #poisoncarp #winnti #shadowpad

Attributing I-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups

Insikt Group uncovers ties between I-SOON and multiple Chinese state-sponsored cyber groups like RedAlpha and RedHotel.

New Leak Shows Business Side of China’s APT Menace – Krebs on Security

New Leak Shows Business Side of China’s APT Menace - A new data leak that appears to have come from one of China’s top private cybersec... https://krebsonsecurity.com/2024/02/new-leak-shows-business-side-of-chinas-apt-menace/ #u.s.departmentofjustice #neer-do-wellnews #alittlesunshine #databreaches #meidanowski #sentinelone #citizenlab #dakotacary #poisoncarp #willthomas #wuhaibo #i-soon

Researchers from Lookout Threat Lab (Kristina Balaam et al.) have uncovered two new precrime #surveillance campaigns targeting #Uyghur diaspora & *in* the PRC

https://lookout.com/blog/uyghur-surveillance-campaign-badbazaar-moonshine

- intersects with Android exploit and tool against #Tibetan diaspora surfaced by @citizenlab in 2019 #poisoncarp

Lookout Discovers Long-running Surveillance Campaigns Targeting Uyghurs | Lookout

Researchers from Lookout Threat Lab have uncovered two new surveillance campaigns, BadBazaar and MOONSHINE, targeting Uyghurs in the People’s Republic of China and abroad.