TZUTC: -0500
MSGID: 1704.consprcy@1:2320/105 2d7b1fcd
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Data breach at mysterious Chinese firm reveals state-owned cyber weapons and
even a list of targets

Date:
Wed, 12 Nov 2025 20:26:00 +0000

Description:
Leak at Knownsec exposes over 12,000 files detailing cyber weapons, espionage
tools, and international data theft.

FULL STORY

A recent data breach at Chinese security firm Knownsec has revealed over
12,000 classified files tied to state-owned cyber operations. 

The leaked materials reportedly include details on cyber weapons, internal AI
tools , and an extensive list of international targets. 

The incident has not only exposed technical data but also shown how deeply a
private company can be embedded in national cyber programs.

Leak reveals China's targets

Despite swift takedown efforts on GitHub, where some files briefly appeared,
the contents have already circulated among researchers and intelligence
analysts. 

The documents appear to offer a rare look into Chinas cyber ecosystem, 
showing links between Knownsec and various government departments. 

The leaked files outline a number of global targets, naming over twenty
countries and regions, including Japan, Vietnam, India, Indonesia, Nigeria,
and the UK. 

Among the most concerning revelations are spreadsheets that reportedly detail
attacks on 80 foreign targets, including critical infrastructure and
telecommunications companies. 

Data attributed to these breaches includes 95GB of immigration records from
India, 3TB of call logs from South Koreas LG U Plus, and 459GB of transport
data from Taiwan. 

Experts examining the files have noted the presence of Remote Access Trojans
(RATs) capable of compromising Linux, Windows, macOS, iOS, and Android
systems. 

Android malware found in the files reportedly enables the extraction of
information from popular Chinese messaging apps and Telegram. 

Furthermore, the documents mention hardware hacking devices used by Knownsec. 

This includes a sophisticated malicious power bank capable of secretly
uploading data to victims systems. 

The findings suggest that such operations were broader and more organized 
than previously assumed. 

Beijing has officially denied the report, with a Foreign Ministry 
spokesperson stating she was unaware of any Knownsec breach, reaffirming,
China firmly opposes and combats all forms of cyberattacks in accordance with
the law. 

While the statement distances the government from the incident, it stops 
short of denying links between the state and companies engaged in cyber
intelligence work. 

Standard antivirus programs and firewall protections, while essential, are
limited against such advanced infiltration tactics. 

Cyber experts argue organizations must adopt a more layered defense approach,
which combines traditional safeguards with real-time monitoring, strict
network segmentation, and the careful use of AI tools for threat detection. 

Via Mrxn (originally in Chinese) 

======================================================================
Link to news story:
https://www.techradar.com/pro/data-breach-at-mysterious-chinese-firm-reveals-s
tate-owned-cyber-weapons-and-even-a-list-of-targets

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426