The hackers offered a menu of services, at a variety of prices.
A local government in southwest China paid less than $15,000 for access to the private website of traffic police in Vietnam. Software that helped run disinformation campaigns and hack accounts on X cost $100,000. For $278,000 Chinese customers could get a trove of personal information behind social media accounts on platforms like Telegram and Facebook.
The offerings, detailed in leaked documents, were a portion of the hacking tools and data caches sold by a Chinese security firm called I-Soon, one of the hundreds of enterprising companies that support China’s aggressive state-sponsored hacking efforts. The work is part of a campaign to break into the websites of foreign governments and telecommunications firms.
The materials, which were posted to a public website last week, revealed an eight-year effort to target databases and tap communications in South Korea, Taiwan, Hong Kong, Malaysia, India and elsewhere in Asia. The files also showed a campaign to closely monitor the activities of ethnic minorities in China and online gambling companies.
The data included records of apparent correspondence between employees, lists of targets, and material showing off cyberattack tools. Three cybersecurity experts interviewed by The Times said the documents appeared to be authentic.
Taken together, the files offered a rare look inside the secretive world of China’s state-backed hackers for hire. They illustrated how Chinese law enforcement and its premier spy agency, the Ministry of State Security, have reached beyond their own ranks to tap private-sector talent in a hacking campaign that United States officials say has targeted American companies and government agencies.
“We have every reason to believe this is the authentic data of a contractor supporting global and domestic cyberespionage operations out of China,” said John Hultquist, the chief analyst at Google’s Mandiant Intelligence.
Mr. Hultquist said the leak revealed that I-Soon was working for a range of Chinese government entities that sponsor hacking, including the Ministry of State Security, the People’s Liberation Army and China’s national police. At times the firm’s employees focused on overseas targets. In other cases they helped China’s feared Ministry of Public Security surveil Chinese citizens domestically and overseas.
“They are part of an ecosystem of contractors that has links to the Chinese patriotic hacking scene, which developed two decades ago and has since gone legit,” he added, referring to the emergence of nationalist hackers who have become a kind of cottage industry.
I-Soon did not respond to emailed questions about the leak.
The front desk of I-Soon's office building in Chengdu, photographed on Tuesday. Dake Kang/Associated Press
The revelations underscore the degree to which China has ignored, or evaded, American and other efforts for more than a decade to limit its extensive hacking operations. And it comes as American officials are warning that the country has not only doubled down, but also has moved from mere espionage to the implantation of malicious code in American critical infrastructure — perhaps to prepare for a day when conflict erupts over Taiwan.
The Chinese government’s use of private contractors to hack on its behalf borrows from the tactics of Iran and Russia, which for years have turned to nongovernmental entities to go after commercial and official targets. Although the scattershot approach to state espionage can be more effective, it has also proven harder to control. Some Chinese contractors have used malware to extort ransoms from private companies, even while working for China’s spy agency.
In part, the change is rooted in a decision by China’s top leader, Xi Jinping, to elevate the role of the Ministry of State Security to engage in more hacking activities, which had previously fallen primarily under the purview of the People’s Liberation Army. While the security ministry emphasizes absolute loyalty to Mr. Xi and Communist Party rule, its hacking and espionage operations are often initiated and controlled by provincial-level state security offices.
Those offices sometimes, in turn, farm out hacking operations to commercially driven groups — a recipe for occasionally cavalier and even sloppy espionage activities that fail to heed Beijing’s diplomatic priorities and may upset foreign governments with their tactics.
Parts of China’s government still engage in sophisticated top-down hacks, like endeavoring to place code inside U.S. core infrastructure. But the overall number of hacks originating in China has surged and targets have ranged more broadly — including information about Ebola vaccines and driverless car technology.
That has fueled a new industry of contractors like I-Soon. Although a part of the cloak-and-dagger world of Chinese cyberespionage, the Shanghai company, which also has offices in Chengdu, epitomized the amateurishness that many of China’s relatively new contractors bring to hacking. The documents showed that at times the company was not sure if services and data it was selling were still available. For instance, it noted internally that the software to spread disinformation on X was “under maintenance” — despite its $100,000 price tag.
The leak also outlined the workaday hustle, and struggle, of China’s entrepreneurial hacking contractors. Like many of its rivals, I-Soon organized cybersecurity competitions to recruit new hires. In place of selling to a centralized government agency, one spreadsheet showed, I-Soon had to court China’s police and other agencies city by city. That meant advertising and marketing its wares. In one letter to local officials in western China, the company boasted that it could help with antiterrorism enforcement because it had broken into Pakistan’s counterterrorism unit.
Materials included in the leak that promoted I-Soon’s hacking techniques described technologies built to break into Outlook email accounts and procure information like contact lists and location data from Apple’s iPhones. One document appeared to contain extensive flight records from a Vietnamese airline, including travelers’ identity numbers, occupations and destinations.
Vietnam’s foreign ministry did not immediately respond to an emailed request for comment.
At the same time, I-Soon said it had built technology that could meet the domestic demands of China’s police, including software that could monitor public sentiment on social media inside China. Another tool, made to target accounts on X, could pull email addresses, phone numbers and other identifiable information related to user accounts, and in some cases, help hack those accounts.
In recent years, Chinese law enforcement officials have managed to identify activists and government critics who had posted on X using anonymous accounts from inside and outside China. Often they then used threats to force X users to take down posts that the authorities deemed overly critical or inappropriate.
Mao Ning, a spokeswoman for the Chinese Ministry of Foreign Affairs, said at a news briefing Thursday that she was not aware of a data leak from I-Soon. “As a matter of principle, China firmly opposes and cracks down on all forms of cyberattacks in accordance with the law,” Ms. Mao said.
X did not respond to a request seeking comment. A spokesman said the South Korean government would have no comment.
Even though the leak involved only one of China’s many hacking contractors, experts said the huge amount of data could help agencies and companies working to defend against Chinese attacks.
“This represents the most significant leak of data linked to a company suspected of providing cyberespionage and targeted intrusion services for the Chinese security services,” said Jonathan Condra, the director of strategic and persistent threats at Recorded Future, a cybersecurity firm.
Among the information hacked was a large database of the road network in Taiwan, an island democracy that China has long claimed and threatened with invasion. The 459 gigabytes of maps came from 2021, and showed how firms like I-Soon collect information that can be militarily useful, experts said. China’s government itself has long deemed Chinese driving navigation data as sensitive and set strict limits on who can collect it.
“Figuring out the road terrain is crucial for planning armored and infantry movements around the island on the way to occupy population centers and military bases,” said Dmitri Alperovitch, a cybersecurity expert.
Other information included internal email services or intranet access for multiple Southeast Asian government ministries, including Malaysia’s foreign and defense ministries and Thailand’s national intelligence agency. Immigration data from India that covered national and foreign passengers’ flight and visa details was also up for grabs, according to the files.
In other cases I-Soon claimed to have access to data from private companies like telecom firms in Kazakhstan, Mongolia, Myanmar, Vietnam and Hong Kong.
The revelations gained about Chinese attacks are likely to confirm the fears of policymakers in Washington, where officials have issued repeated, dire warnings about such hacks. Last weekend in Munich, the director of the Federal Bureau of Investigation, Christopher A. Wray, said that hacking operations from China were now directed against the United States at “a scale greater than we’d seen before,” and ranked it among America’s chief national security threats.
He became one of the first senior officials to talk openly about Volt Typhoon, the name of a Chinese network of hackers that has placed code in critical infrastructure, resulting in alarms across the government. Intelligence officials believe that the code was intended to send a message: that at any point China could disrupt electrical supplies, water supplies or communications.
Some of the code has been found near American military bases that rely on civilian infrastructure to keep running — especially bases that would be involved in any rapid response to an attack on Taiwan.
“It’s the tip of the iceberg,” Mr. Wray concluded.