LIVING ARTICLE, WILL BE UPDATED AS SOON AS I GET NEW DETAILS
Hi folks,
In this post I want to share my findings from the recent, infamous Anxun leak, in particular from the chat logs.
Overview and brief
Initial Source of Leak – https://github.com/I-S00N
Website – http://www.i-soon.net
Company Name – Shanghai Anxun Information Technology Co.
Company Information – https://pitchbook.com/profiles/company/433635-85
Provider of information technology security consulting services. The company's services include risk assessments, firewall/penetration testing, APT attack protection and program audits, enabling enterprises to conduct IT operations more securely. In practice the company is very similar to NTC Vulkan in terms of its function for the government: a fairly big offensive cyber contractor that develops tooling and performs offensive cyber operations.
Possibly an insider leaked the data to expose the company's shady activities, but it could also be cover for some other kind of operation.
The data consists of a few main parts, which the whistleblower highlighted:
- Anxun's relationships with national security agencies in China;
- Employee data;
- Anxun’s financial documents;
- Chat records between Anxun’s members;
- Anxun’s products internal documentation;
- Evidence of Anxun's infiltration of overseas nations, such as NATO countries, South Korea, the US, etc.
There are plenty of analytical notes on the leak already, so I want to focus on the chat logs.
Chat Overview
The chat logs come mostly from WeChat chatrooms (wxid_* is the unique ID that the WeChat system assigns to a user; where no nickname was resolved, the raw wxid_* appears as the persona's name below).
There are plenty of users in the chatrooms; here are the most active senders and receivers by message count.
| Sender | Messages sent |
|---|---|
| lengmo | 4981 |
| Shutd0wn | 3675 |
| wxid_5390224027312 | 1409 |
| wxid_7p054rmzkhqf21 | 894 |
| wxid_wh6x59w70y3r22 | 620 |

| Receiver | Messages received |
|---|---|
| Shutd0wn | 4661 |
| lengmo | 3987 |
| wxid_5390224027312 | 1611 |
| wxid_7p054rmzkhqf21 | 804 |
| wxid_zb45i0rc71yk21 | 697 |
shutd0wn – [connection graph]
lengmo – [connection graph]
From the graph it is quite obvious that both personas are the most frequent talkers in the chat logs.
The interesting part is that, despite lengmo and shutd0wn being very important persons in the organization, their circle of connections is limited: a large message volume is exchanged with a small number of counterparts.
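The tallies above and the "limited circle" observation are the two numbers an analyst pulls from an export like this: messages per sender/receiver, and the number of distinct counterparts each persona talks to. The following Python is an added example and not the script used for the figures in this post; the tab-separated line format and the sample lines are constructed for illustration, and a real WeChat export needs its own parser. It also lists the raw wxid_* identifiers that still need to be mapped to a person.

```python
"""Message volume and contact breadth per persona from an exported chat log.

Added example, not from the original post or the leaked data. The line format
"timestamp<TAB>sender<TAB>receiver<TAB>text" is an assumption for illustration.
"""
from collections import Counter, defaultdict

# Constructed sample export (not real leak content). The last line is deliberately
# malformed to show that the parser skips it instead of crashing.
SAMPLE_LOG = """\
2022-01-03 09:12\tlengmo\tShutd0wn\tready for the report?
2022-01-03 09:13\tShutd0wn\tlengmo\tyes, sending now
2022-01-03 09:20\tlengmo\twxid_5390224027312\tcheck the invoice
2022-01-03 09:25\twxid_5390224027312\tlengmo\tdone
2022-01-03 10:02\tShutd0wn\twxid_7p054rmzkhqf21\tnew task
2022-01-03 10:05\twxid_7p054rmzkhqf21\tShutd0wn\tok
2022-01-03 10:30\twxid_wh6x59w70y3r22\tlengmo\tmeeting?
2022-01-03 10:31\tlengmo\tShutd0wn\tjoin the call
2022-01-03 11:00\tShutd0wn\tlengmo\ton it
2022-01-04 08:00\twxid_zb45i0rc71yk21\tShutd0wn\tstatus
2022-01-04 08:10\tlengmo\tShutd0wn\tfile attached\tsee path
bad line without tabs
"""


def parse_log(text):
    """Yield (sender, receiver) pairs from the export; skip malformed lines.

    split("\\t", 3) keeps tabs inside the message text from shifting the fields.
    """
    for raw in text.splitlines():
        parts = raw.split("\t", 3)
        if len(parts) < 4:
            continue
        _, sender, receiver, _ = parts
        yield sender.strip(), receiver.strip()


def message_counts(pairs):
    """Return (sent, received) Counters keyed by persona."""
    sent, received = Counter(), Counter()
    for s, r in pairs:
        sent[s] += 1
        received[r] += 1
    return sent, received


def contact_circle(pairs):
    """Map each persona to the set of distinct counterparts (undirected)."""
    contacts = defaultdict(set)
    for s, r in pairs:
        contacts[s].add(r)
        contacts[r].add(s)
    return contacts


def is_wechat_generated(name):
    """True for raw WeChat IDs that were never resolved to a nickname."""
    return name.startswith("wxid_")


def summarize(text, top_n=5):
    """Compute the same statistics shown in the post for an export in the assumed format."""
    pairs = list(parse_log(text))
    sent, received = message_counts(pairs)
    circle = contact_circle(pairs)
    return {
        "top_senders": sent.most_common(top_n),
        "top_receivers": received.most_common(top_n),
        "circle_size": {p: len(c) for p, c in circle.items()},
        # (total messages in or out, distinct counterparts): a high first number
        # with a low second number is the "busy but limited circle" pattern.
        "concentration": {p: (sent[p] + received[p], len(c)) for p, c in circle.items()},
        "unresolved_ids": sorted(p for p in circle if is_wechat_generated(p)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, lengmo and Shutd0wn each exchange eight messages with only three counterparts apiece, which is the shape the post describes; on a real export the concentration column is what turns "their circle is limited" into a number you can compare across personas.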