A major data leak recently hit the Chinese security firm Knownsec (aka Chuangyu), where over 12,000 secret files briefly appeared on GitHub around November 2, 2025. It gave experts a rare look into China’s government-backed hacking tools and operations. The files were taken down quickly, though some evidence suggests the actual data theft may have happened as early as 2023.
Key Details
Knownsec is a huge player in China’s cybersecurity network, having received a major investment from Tencent in 2015, and it works closely with government offices. The stolen files seem to confirm how deeply a private company can be mixed up in national cyber programs, including helping build “cyber weapons” and keeping a list of international targets.
As the Chinese news outlet, Mrxn, reported, the leak is truly unprecedented because it points directly to spying and data collection on over 20 countries and regions globally. This list includes places like Japan, Vietnam, India, Indonesia, Nigeria, and the United Kingdom. Furthermore, there’s a spreadsheet that claims to detail attacks on 80 foreign organisations, mainly critical infrastructure like telecommunications companies.
Stolen Data and Hacking Tools
The amount of data reportedly stolen is overwhelming. This includes an enormous 95GB of immigration records from India and 3TB of call logs taken from the South Korean phone company LG U Plus. We also saw mentions of 459GB of transport data from Taiwan in the breach documents
Details, including one shared on X (formerly Twitter) by International Cyber Digest, highlighted the details of the hacking tools. These include Remote Access Trojans (RATs), which you can think of as hidden programs that let hackers secretly control computers or devices remotely.
The files also reveal special hacking tools for Android phones that sneakily pull out message histories from apps like Telegram and other well-known Chinese chat apps. It is worth noting that the documents even mention a seemingly harmless, malicious power bank designed to secretly upload data from a victim’s device while pretending to charge it.
Official Response and Security Lessons
When questioned about the leak, the Chinese government, through its Foreign Ministry spokesperson, officially denied having any knowledge of a breach at Knownsec. The spokesperson repeated that China is firmly against and fights all kinds of cyberattacks. However, the statement did not go so far as to deny that state-associated companies get involved in cyber intelligence work.
Security experts warn that basic antivirus and firewalls are often not enough anymore. Companies need a stronger, layered defence, which means combining standard protection with constant checking of their networks.
Photo by Engin Akyurt on Unsplash