Hi folks,
In this post I want to share my findings from the recent infamous Anxun Leak, in particular, from the chat logs.
Overview and brief
Initial Source of Leak – https://github.com/I-S00N
Company Website – http://www.i-soon.net
Company Name – Shanghai Anxun Information Technology Co.
Company Information – https://pitchbook.com/profiles/company/433635-85
Data Analysis and Highlights – https://github.com/hyde1337/anxun-isoon-leaks
Provider of information technology security consulting services. The company’s services include risk assessments, firewall/penetration testing, APT attack protection and program audits, enabling enterprises to conduct IT operations more securely. Actually, the company is very similar to NTC Vulcan in terms of its function for the government: a fairly large cyber-offensive contractor that develops tools and performs cyber-offensive operations.
Possibly, an insider leaked the data to expose shady activities by the company, but it could also be a cover for some other sort of operation.
The data consists of a few main parts, which have been highlighted by the whistleblower:
- Anxun relationships with National Security Agencies in China;
- Employee data;
- Anxun’s financial documents;
- Chat records between Anxun’s members;
- Anxun’s products internal documentation;
- Evidence of Anxun’s infiltration of overseas nations, such as NATO countries, South Korea, the US, etc.
Chat Overview
The chat logs come mostly from a WeChat chatroom (wxid_* is a unique ID assigned to the user by the WeChat system).
| Sender | Message count |
| --- | --- |
| lengmo | 4981 |
| Shutd0wn | 3675 |
| wxid_5390224027312 | 1409 |
| wxid_7p054rmzkhqf21 | 894 |
| wxid_wh6x59w70y3r22 | 620 |

| Receiver | Message count |
| --- | --- |
| Shutd0wn | 4661 |
| lengmo | 3987 |
| wxid_5390224027312 | 1611 |
| wxid_7p054rmzkhqf21 | 804 |
| wxid_zb45i0rc71yk21 | 697 |