A massive data breach at Chinese cybersecurity firm Knownsec (知道创宇) has exposed its extensive global hacking and surveillance activities. More than 12,000 confidential files – including hacker tool specifications, cross-platform remote-access trojans, surveillance target lists, and large-scale data-theft records – briefly appeared on GitHub before being removed.
Founded in 2007 and headquartered in Beijing, Knownsec runs the hacker team “404 Lab” and is regarded as a major contractor for China’s military and intelligence agencies. The company serves financial institutions, government bodies, and major internet firms, received significant investment from Tencent, and employs over 900 staff. The U.S. placed Knownsec on its entity sanctions list in 2022.
The leaked documents show that Knownsec built remote-access trojans for Linux, Windows, macOS, iOS, and Android, enabling persistent access across a wide range of systems. Its Android tools could extract message histories from Chinese chat apps and Telegram for targeted surveillance. The leak also detailed hardware-based attack tools, including a malicious power bank capable of secretly exfiltrating data – demonstrating supply-chain attack methods that bypass traditional software defenses.
According to Cyber Press, spreadsheets in the leaked materials document intrusions into more than 80 foreign organizations, involving massive data theft. Examples include:
- 95 GB of Indian immigration records
- 3 TB of call logs from South Korea’s LG UPlus
- 459 GB of Taiwanese road-planning data
- Password data from Taiwan Yahoo and Brazil LinkedIn accounts
The targets span over 20 countries and regions, including Japan, Taiwan, Vietnam, India, Indonesia, Nigeria, and the United Kingdom – indicating a broad, systematic intelligence-gathering campaign.
Security firm StealthMole further reported that Knownsec conducted internet-infrastructure mapping in 28 countries, covering the Asia-Pacific, Southeast Asia, Africa, and Europe.
Source: Epoch Times, November 14, 2025
https://www.epochtimes.com/gb/25/11/13/n14635466.htm