- More than 12,000 classified documents reveal deep ties between Knownsec and Chinese state cyber operations.
- The breach involved remote access trojans capable of attacking widely used operating systems.
- Researchers discovered that 95 GB of immigration data had been stolen from India’s national databases.
A recent data breach at Chinese security firm Knownsec exposed more than 12,000 classified files related to government cyber operations.
The leaked documents are said to contain details of “cyber weapons”, domestic artificial intelligence and a long list of international targets.
The incident not only exposed technical data, but also showed how deeply embedded a private company can be in state programs.
A leak reveals China’s goals
Despite quick takedown attempts on GitHub, where some files briefly appeared, the content has already been distributed to researchers and intelligence analysts.
The documents appear to provide a rare insight into China’s cyber ecosystem, showing links between Knownsec and various government agencies.
The leaked files detail a number of global targets and name more than twenty countries and regions, including Japan, Vietnam, India, Indonesia, Nigeria and the United Kingdom.
Among the most disturbing revelations are spreadsheets that reportedly detail attacks on 80 foreign targets, including telecommunications and critical infrastructure companies.
The data attributed to these breaches include 95 GB of immigration data from India, 3 TB of LG U Plus call logs from South Korea, and 459 GB of transportation data from Taiwan.
Experts who examined the files discovered the presence of remote access trojans (RATs) that could compromise Linux, Windows, macOS, iOS and Android systems.
The Android malware contained in the files reportedly pulls information from popular Chinese messaging apps and Telegram.
Additionally, hardware hacking devices used by Knownsec are listed in the documents.
This includes an advanced malicious power bank that can secretly download data to victims’ systems.
The findings suggest that these operations were more extensive and organized than previously thought.
Beijing has officially denied this information. A State Department spokeswoman said she was not aware of any Knownsec violations and reiterated: “China firmly opposes all forms of cyber attacks and fights them in accordance with the law.”
While the statement distances the government from the incident, it does not deny links between the state and cyber intelligence firms.
While basic antivirus and firewall protections are essential, their ability to deter such advanced infiltration tactics is limited.
Cyber experts say organizations should adopt a layered defense strategy that combines traditional defense mechanisms with real-time monitoring, rigorous network segmentation and careful use of AI-based threat detection tools.
IN sirxn (originally in Chinese)