The hackers offered a menu of services, at a variety of prices.
A local government in southwest China paid less than $15,000 for access to the private website of traffic police in Vietnam. Software that helped run disinformation campaigns and hack accounts on X cost $100,000. For $278,000 Chinese customers could get a trove of personal information behind social media accounts on platforms like Telegram and Facebook.
The offerings, detailed in leaked documents, were a portion of the hacking tools and data caches sold by a Chinese security firm called I-Soon, one of the hundreds of enterprising companies that support China’s aggressive state-sponsored hacking efforts. The work is part of a campaign to break into the websites of foreign governments and telecommunications firms.
The materials, which were posted to a public website last week, revealed an eight-year effort to target databases and tap communications in South Korea, Taiwan, Hong Kong, Malaysia, India and elsewhere in Asia. The files also showed a campaign to closely monitor the activities of ethnic minorities in China and online gambling companies.
The data included records of apparent correspondence between employees, lists of targets, and material showing off cyberattack tools. Three cybersecurity experts interviewed by The Times said the documents appeared to be authentic.
Taken together, the files offered a rare look inside the secretive world of China’s state-backed hackers for hire. They illustrated how Chinese law enforcement and its premier spy agency, the Ministry of State Security, have reached beyond their own ranks to tap private-sector talent in a hacking campaign that United States officials say has targeted American companies and government agencies.
“We have every reason to believe this is the authentic data of a contractor supporting global and domestic cyberespionage operations out of China,” said John Hultquist, the chief analyst at Google’s Mandiant Intelligence.
Mr. Hultquist said the leak revealed that I-Soon was working for a range of Chinese government entities that sponsor hacking, including the Ministry of State Security, the People’s Liberation Army and China’s national police. At times the firm’s employees focused on overseas targets. In other cases they helped China’s feared Ministry of Public Security surveil Chinese citizens domestically and overseas.
“They are part of an ecosystem of contractors that has links to the Chinese patriotic hacking scene, which developed two decades ago and has since gone legit,” he added, referring to the emergence of nationalist hackers who have become a kind of cottage industry.
I-Soon did not respond to emailed questions about the leak.
The front desk of I-Soon’s Chengdu office, photographed on Tuesday. Dake Kang/Associated Press
The revelations underscore the degree to which China has ignored, or evaded, American and other efforts for more than a decade to limit its extensive hacking operations. And it comes as American officials are warning that the country has not only doubled down, but also has moved from mere espionage to the implantation of malicious code in American critical infrastructure — perhaps to prepare for a day when conflict erupts over Taiwan.
The Chinese government’s use of private contractors to hack on its behalf borrows from the tactics of Iran and Russia, which for years have turned to nongovernmental entities to go after commercial and official targets. Although the scattershot approach to state espionage can be more effective, it has also proven harder to control. Some Chinese contractors have used malware to extort ransoms from private companies, even while working for China’s spy agency.
In part, the change is rooted in a decision by China’s top leader, Xi Jinping, to elevate the role of the Ministry of State Security to engage in more hacking activities, which had previously fallen primarily under the purview of the People’s Liberation Army. While the security ministry emphasizes absolute loyalty to Mr. Xi and Communist Party rule, its hacking and espionage operations are often initiated and controlled by provincial-level state security offices.
Those offices sometimes, in turn, farm out hacking operations to commercially driven groups — a recipe for occasionally cavalier and even sloppy espionage activities that fail to heed Beijing’s diplomatic priorities and may upset foreign governments with their tactics.
Parts of China’s government still engage in sophisticated top-down hacks, like endeavoring to place code inside U.S. core infrastructure. But the overall number of hacks originating in China has surged and targets have ranged more broadly — including information about Ebola vaccines and driverless car technology.
That has fueled a new industry of contractors like I-Soon. Although a part of the cloak-and-dagger world of Chinese cyberespionage, the Shanghai company, which also has offices in Chengdu, epitomized the amateurishness that many of China’s relatively new contractors bring to hacking. The documents showed that at times the company was not sure if services and data it was selling were still available. For instance, it noted internally that the software to spread disinformation on X was “under maintenance” — despite its $100,000 price tag.
The leak also outlined the workaday hustle, and struggle, of China’s entrepreneurial hacking contractors. Like many of its rivals, I-Soon organized cybersecurity competitions to recruit new hires. In place of selling to a centralized government agency, one spreadsheet showed, I-Soon had to court China’s police and other agencies city by city. That meant advertising and marketing its wares. In one letter to local officials in western China, the company boasted that it could help with antiterrorism enforcement because it had broken into Pakistan’s counterterrorism unit.
Materials included in the leak that promoted I-Soon’s hacking techniques described technologies built to break into Outlook email accounts and procure information like contact lists and location data from Apple’s iPhones. One document appeared to contain extensive flight records from a Vietnamese airline, including travelers’ identity numbers, occupations and destinations.
Vietnam’s foreign ministry did not immediately respond to an emailed request for comment.
At the same time, I-Soon said it had built technology that could meet the domestic demands of China’s police, including software that could monitor public sentiment on social media inside China. Another tool, made to target accounts on X, could pull email addresses, phone numbers and other identifiable information related to user accounts, and in some cases, help hack those accounts.
In recent years, Chinese law enforcement officials have managed to identify activists and government critics who had posted on X using anonymous accounts from inside and outside China. Often they then used threats to force X users to take down posts that the authorities deemed overly critical or inappropriate.
Mao Ning, a spokeswoman for the Chinese Ministry of Foreign Affairs, said at a news briefing Thursday that she was not aware of a data leak from I-Soon. “As a matter of principle, China firmly opposes and cracks down on all forms of cyberattacks in accordance with the law,” Ms. Mao said.
X did not respond to a request seeking comment. A spokesman said the South Korean government would have no comment.
Even though the leak involved only one of China’s many hacking contractors, experts said the huge amount of data could help agencies and companies working to defend against Chinese attacks.
“This represents the most significant leak of data linked to a company suspected of providing cyberespionage and targeted intrusion services for the Chinese security services,” said Jonathan Condra, the director of strategic and persistent threats at Recorded Future, a cybersecurity firm.
Among the information hacked was a large database of the road network in Taiwan, an island democracy that China has long claimed and threatened with invasion. The 459 gigabytes of maps came from 2021, and showed how firms like I-Soon collect information that can be militarily useful, experts said. China’s government itself has long deemed Chinese driving navigation data as sensitive and set strict limits on who can collect it.
“Figuring out the road terrain is crucial for planning armored and infantry movements around the island on the way to occupy population centers and military bases,” said Dmitri Alperovitch, a cybersecurity expert.
Other information included internal email services or intranet access for multiple Southeast Asian government ministries, including Malaysia’s foreign and defense ministries and Thailand’s national intelligence agency. Immigration data from India that covered national and foreign passengers’ flight and visa details was also up for grabs, according to the files.
In other cases I-Soon claimed to have access to data from private companies like telecom firms in Kazakhstan, Mongolia, Myanmar, Vietnam and Hong Kong.
The revelations gained about Chinese attacks are likely to confirm the fears of policymakers in Washington, where officials have issued repeated, dire warnings about such hacks. Last weekend in Munich, the director of the Federal Bureau of Investigation, Christopher A. Wray, said that hacking operations from China were now directed against the United States at “a scale greater than we’d seen before,” and ranked it among America’s chief national security threats.
He became one of the first senior officials to talk openly about Volt Typhoon, the name of a Chinese network of hackers that has placed code in critical infrastructure, resulting in alarms across the government. Intelligence officials believe that the code was intended to send a message: that at any point China could disrupt electrical supplies, water supplies or communications.
Some of the code has been found near American military bases that rely on civilian infrastructure to keep running — especially bases that would be involved in any rapid response to an attack on Taiwan.
“It’s the tip of the iceberg,” Mr. Wray concluded.