Chinese Cybersecurity Firm Data Breach Exposes State-Sponsored Hackers Cyber Weapons and Target List


In early November 2025, Knownsec, one of China’s largest cybersecurity firms with direct government ties, experienced a catastrophic data breach that exposed over 12,000 classified documents.

The incident revealed the scale and sophistication of state-sponsored cyber operations, including detailed information about cyber weapons, internal hacking tools, and a comprehensive global surveillance target list.

This breach marks a significant turning point in understanding the technical capabilities and geopolitical scope of organized state-level cyber espionage operations.

The compromised files contained far more than routine business data. The attackers extracted technical documentation detailing collaborations between Knownsec and various Chinese government departments, complete source code for proprietary internal tools, and spreadsheets listing 80 overseas targets that had allegedly already been compromised.

The leaked materials initially surfaced on GitHub before rapid removal, though copies had already circulated extensively within the cybersecurity research community.

Founded in 2007 and backed by Tencent since 2015, Knownsec employs more than 900 people across multiple offices in China, making the company a critical node in China's cyber infrastructure.


Security analysts at Mrxn, who reviewed the leaked documents, found that they describe a comprehensive arsenal of offensive cyber capabilities.

The company maintained sophisticated libraries of Remote Access Trojans capable of compromising Windows, Linux, macOS, iOS, and Android systems.

Un-Mail Email Evidence Collection Platform (Source – Mrxn)

Particularly concerning were Android-specific tools designed to extract message histories from Chinese chat applications and Telegram, enabling widespread communications interception.

The most revealing aspect of this breach concerns the geographic scope and data volume of compromised targets.

International locations named in the leaked spreadsheets include Japan, Vietnam, India, Indonesia, Nigeria, and the United Kingdom.


The documents describe stolen data sets of staggering size: 95 gigabytes of immigration records from India, 3 terabytes of call records from the South Korean telecommunications company LG U Plus, and 459 gigabytes of road planning data from Taiwan.

If accurate, these figures indicate systematic, long-term access to critical infrastructure and sensitive government information across multiple nations.

Beyond software tools, the leaked documents describe hardware-based attack mechanisms, including a purpose-built malicious power bank capable of covertly exfiltrating data from devices connected to it.

This technical sophistication indicates resourced, sustained operations targeting high-value intelligence collection.

The Chinese government subsequently denied knowledge of the breach: Foreign Ministry spokesperson Mao Ning said she was not familiar with the incident, while reiterating the government's official opposition to cyberattacks.

However, this response notably avoided denying state support for cybersecurity firms conducting intelligence activities, suggesting such operations are viewed as legitimate national security functions.
