- 12,000+ classified docs reveal deep links between Knownsec and Chinese state cyber operations
- The breach involved Remote Access Trojans capable of attacking global operating systems
- Researchers found 95GB of immigration data stolen from India’s national databases
A recent data breach at Chinese security firm Knownsec has revealed over 12,000 classified files tied to state-owned cyber operations.
The leaked materials reportedly include details on “cyber weapons,” internal AI tools, and an extensive list of international targets.
The incident has not only exposed technical data but also shown how deeply a private company can be embedded in national cyber programs.
Leak reveals China’s targets
Despite swift takedown efforts on GitHub, where some files briefly appeared, the contents have already circulated among researchers and intelligence analysts.
The documents appear to offer a rare look into China’s cyber ecosystem, showing links between Knownsec and various government departments.
The leaked files outline a number of global targets, naming over twenty countries and regions, including Japan, Vietnam, India, Indonesia, Nigeria, and the UK.
Among the most concerning revelations are spreadsheets that reportedly detail attacks on 80 foreign targets, including critical infrastructure and telecommunications companies.
Data attributed to these breaches includes 95GB of immigration records from India, 3TB of call logs from South Korea’s LG U Plus, and 459GB of transport data from Taiwan.
Experts examining the files have noted the presence of Remote Access Trojans (RATs) capable of compromising Linux, Windows, macOS, iOS, and Android systems.
Android malware found in the files reportedly enables the extraction of information from popular Chinese messaging apps and Telegram.
Furthermore, the documents mention hardware hacking devices used by Knownsec.
This includes a sophisticated malicious power bank capable of secretly uploading data to victims’ systems.
The findings suggest that such operations were broader and more organized than previously assumed.
Beijing has officially denied the report, with a Foreign Ministry spokesperson stating she was unaware of any Knownsec breach, reaffirming, “China firmly opposes and combats all forms of cyberattacks in accordance with the law.”
While the statement distances the government from the incident, it stops short of denying links between the state and companies engaged in cyber intelligence work.
Standard antivirus programs and firewall protections, while essential, are limited against such advanced infiltration tactics.
Standard antivirus programs and firewall protections, while essential, are limited against such advanced infiltration tactics.
Cyber experts argue organizations must adopt a more layered defense approach, which combines traditional safeguards with real-time monitoring, strict network segmentation, and the careful use of AI tools for threat detection.
Via Mrxn (originally in Chinese)
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
