“It would not be an understatement to say that China is the number one national security concern that I think we have here in the West.”

China’s offensive cyber activity has undergone a massive shift: What used to be simple smash-and-grab operations in the mid-2000s have evolved into sophisticated business models. We got a lens into this environment through a leak stemming from Chinese company I-Soon, whose data provided a narrow but revealing glimpse into the Chinese cyber contractor marketplace.

I-Soon is a mid-sized contractor that has been operating since 2010. It provides state-sponsored advanced persistent threat (APT) cyber operations and tools, surveillance products and training for public security agencies, intelligence services and the military. The leak, which came from an anonymous GitHub user, included its internal documents and employee chat logs. These shed light on its products, services and customers as well as how some China-nexus adversaries are connected and sharing tools and capabilities.

Adam and Cristian take a deep dive into these findings and how Chinese offensive cyber operations reached this point. They also dig into which PANDA adversaries are connected to I-Soon, how the cyber contractor recruits talent and what we learned about its disgruntled staff. The key takeaway? Leaks like this won’t stop adversaries — and China’s cyber operations aren’t slowing down.