Key Findings:

• Major data leak from Chinese security firm Knownsec (aka Chuangyu) in November 2025, with over 12,000 secret files briefly appearing on GitHub.

• Leak provided a rare insight into China's government-backed hacking tools and operations.

• The data theft may have occurred as early as 2023, but the files were taken down quickly.

Background

• Knownsec is a prominent player in China's cybersecurity industry, having received a significant investment from Tencent in 2015 and working closely with government offices.

• The stolen files suggest a private company can be deeply involved in national cyber programs, including helping build "cyber weapons" and maintaining a list of international targets.

Stolen Data and Hacking Tools

• The leaked data includes an overwhelming amount of information, such as 95GB of Indian immigration records, 3TB of South Korean LG U Plus call logs, and 459GB of Taiwanese transport data.

• The files reveal various hacking tools, including Remote Access Trojans (RATs) and specialized tools for extracting data from popular messaging apps on Android devices.

• A seemingly harmless malicious power bank was also mentioned, designed to secretly upload data from a victim's device while charging it.

Official Response and Security Lessons

• The Chinese government, through its Foreign Ministry spokesperson, denied any knowledge of the breach at Knownsec, but did not deny state-associated companies' involvement in cyber intelligence work.

• Security experts warn that standard antivirus and firewall protection may not be enough anymore, and companies need a stronger, layered defense, combining standard protection with constant network monitoring.

Sources

• https://hackread.com/chinese-tech-firm-leak-state-linked-hacking/

• https://www.reddit.com/r/pwnhub/comments/1ox22v9/chinese_tech_firm_leak_exposes_statelinked_cyber/

• https://www.linkedin.com/posts/lorenzogomezvargas_chinese-tech-firm-leak-reportedly-exposes-activity-7395187807725670400-5rul