I came across this on Github yesterday and saw some discussion around it yesterday evening. Someone around 3 days ago just literally I guess rage dumped a bunch of Chinese espionage stuff in a public Github repo and oh boy theres some stuff in here. I put the Github repository code link at the end of the post, but its all Mandarin and its also quite a lot of stuff so I've put together some findings from some people who looked into it.
So disclaimer, while this isnt like 'Directly' the Chinese govt, it looks to be APT 41 which is like is a hacking organization with alleged ties to the Chinese Ministry of State Security (MSS).

Also this gets scary real fast, doesnt seem to be any direct USA hacking in here though.

quote:
Also funny thing is dude who leaked it appeared to be pissed about his pay (Just $277 / Month)

Some interesting tidbits before diving further.

quote:
If the leaks are to be believed, they claim to have penetrated government bodies for India, Thailand, S Korea, Vietnam, and NATO

quote:
thailands navy, rail....india's gov

quote:
TBs of data stolen from Pakistan, Kazakhstan, Kyrgyzstan, Malaysia, Mongolia, Nepal, Türkiye, India, Egypt, France, Cambodia, Rwanda, Nigeria, Hongkong, Indonesia, Vietnam, Myanmar, Philippines, Afghanistan

Some more Govt Victims

quote:
> screenshot of a list of bunch of UK agencies (purpose unknown), including
- Home Office
- British Treasury
- DFID
- UK Department for Business, Energy and Industrial Warfare
- UK Department of Education
- UK Department for Environment and Food+
- Department for Brexit
- british department for transport
- UK Ministry of Health and Social Care
- British Ministry of Justice
- UK National Crime Agency
- HMRC
- chathamhouse chathamhouse
- British Institute for International Strategic Studies IISS
- Center for Foreign Policy Studies
- Center for Defense and International Security Studies
- Rand Institute European Branch
- Haiding Group
- Human Rights Watch
- Amnesty International

quote:
2022-05-06
> which one did they want (from UK)? foreign affairs? the most important one they wanted
> yep, top priority
> okay, the team just told me there's a chance we can take control of the system
> team says they've got a 0day and for sure can take the system; will take about 2 weeks. can they pay in advance?
> https://infosec.exchange/@still/111954872879820044

*screenshot content*
> UK Foreign Affairs had already been taken by another contractor
> choose a different one
> ??

quote:
Re:
- Kyrgyzstan Diplomatic Oil Service
- National Security Council Oil Service
- Asan Central Bureau of Investigation for Foreign Affairs and Defense (It seems that they have it all!)

quote:
they had also thought about getting access to NATO but decided it was too difficult

quote:
A: client says NATO is not exactly possible
> B: what do they mean by "not exactly possible?"
> A: they had already tried NATO before
> A: also they're not exactly interested
> B: we've got stuff from their chairman
> B: stuff from Jens Stoltenberg
> A: well not everything you think is interesting will necessarily be the same for others
> B: what about making it cheaper? I'm running low on money
> A: it's not about how much it costs, but that it's not worth it

quote:
It seems a Vietnam Television station was compromised.
Keywords to be searched:
- intelligence
- china
- United states
- tranquility

quote:
Some of these software features includes obtaining the user's Twitter email and phone number, realtime monitoring, publishing tweets on their behalf, reading DMs.

The Twitter exploitation tool also has the capability to take over Twitter accounts despite 2FA, with the victim not being notified on the bypass.

quote:
This is the weirdest of them all - a WiFi-capable device that can inject into the targeted... Android devices via WiFi? The device is said to be portable, plug and play, supports 3G and 4G. After a successful injection, it can get device info, GPS, SMS, contacts, call log, files

quote:
The Chinese APT leak has call data records (CDR) from Kazakhstan. One of the telcos in Kazakhstan is Tele2, which includes ALTEL. Both are listed in the CDR log.

Basically means they got directly into Call Logs in Kazakhstan Tele Networks.

Heres an image of some of the Victims, it says UCF there wtf lol

quote:
The Email Analysis platform by by iSOON reveals an aspect of Chinese APT campaigns we’ve never seen before. We now know the MPS can recreate their victim’s inboxes using the .eml files, perform link analysis, and can pivot or add to the investigation with mass email data ingests.