techdigest.tv
10 November 2025
Chris Price

A catastrophic data breach at Chinese cybersecurity firm Knownsec has exposed a state-backed cyber arsenal and global surveillance targets.

A prominent Chinese cybersecurity firm with ties to the government, Knownsec, has suffered a catastrophic data breach, exposing over 12,000 classified documents detailing the inner workings of China’s state-sponsored cyber espionage program.
The leak of over 12,000 classified documents provides an unprecedented window into the operational infrastructure supporting China’s intelligence-gathering efforts, triggering significant international concern.

The leaked materials initially appeared on GitHub before being removed for terms-of-service violations. They reveal a vast technical arsenal, including sophisticated Remote Access Trojans (RATs) engineered to compromise every major operating system, specifically Linux, Windows, macOS, iOS, and Android.

The documents detail the use of highly specialized surveillance tools. These include Android attack code capable of extracting extensive message histories from popular chat applications, enabling targeted spying on specific individuals.

Even more concerning is the detail on hardware-based attack vectors. The firm allegedly developed a maliciously engineered power bank that can covertly exfiltrate data when connected to a victim’s computer, representing a sophisticated, hands-on supply-chain attack. This highlights the willingness of state-sponsored programs to invest in complex infrastructure to circumvent traditional security controls.

The archives also contain detailed spreadsheets documenting alleged breaches against more than 80 overseas targets. The scale of the data theft is massive, listing 95GB of immigration records from India, 3TB of call records from South Korea’s LG U Plus, and 459GB of road planning data from Taiwan.

The target list explicitly names over twenty countries and regions, including the United Kingdom, Japan, and Nigeria.

Knownsec, founded in 2007 and backed by Tencent, holds a trusted position within China’s security apparatus, providing services to government departments and major financial institutions. This prominence amplifies the significance of the leak.

In response to the disclosure, a Chinese Foreign Ministry spokesperson was evasive, stating unfamiliarity with any Knownsec breach while asserting that China “firmly opposes and combats all forms of cyberattacks.”

Analysts note this measured response avoided denying government support for such operations, underscoring Beijing’s positioning of cyber activities as national security instruments. Cybersecurity specialists worldwide are now studying the exposed data to improve global defense strategies.