Data breach at Chinese infosec firm reveals cyber-weapons and target list
Summary
Reports from Chinese infosec blog MXRN indicate a major data breach at Knownsec, a security company with ties to Beijing and China’s military. The leak reportedly includes over 12,000 classified documents detailing state-owned cyber-weapons, internal offensive tools and a global list of targets.
The haul allegedly contains Remote Access Trojans (RATs) capable of compromising Linux, Windows, macOS, iOS and Android. Android components are said to extract data from popular Chinese messaging apps and Telegram. Stolen datasets reportedly include a spreadsheet listing 80 overseas targets Knownsec has successfully attacked, 95GB of Indian immigration data, 3TB of call records from South Korea’s LG U Plus, and 459GB of Taiwan road-planning data. Some documents were uploaded to GitHub and removed quickly.
Key Points
- MXRN reports Knownsec leaked over 12,000 classified documents linked to state cyber-offensive capabilities.
- Leak reportedly details state-owned cyber-weapons, internal tools and a global target list.
- Remote Access Trojans in the trove are reportedly capable of compromising Linux, Windows, macOS, iOS and Android.
- Android malware allegedly can harvest data from Chinese messaging apps and Telegram.
- Stolen datasets include 95GB of Indian immigration records, 3TB of call logs from LG U Plus, and 459GB of Taiwanese road-planning data.
- A spreadsheet reportedly lists 80 overseas targets Knownsec is said to have successfully attacked.
- Some leaked files were posted to GitHub and were removed by the platform.
- Broader roundup: India’s tech services exports grew in FY24/25; South Korea cut SMS spam substantially; NTT formed NTT Mobility for autonomous driving; China’s smartphone sales remain weak; Google denies plans for an AI datacentre on Christmas Island.
Content summary
The core story centres on a reported breach at Knownsec, with MXRN claiming a large trove of sensitive materials was exposed. The documents allegedly outline offensive cyber tools and operations with cross-platform RATs and capabilities to harvest communications from widely used messaging services.
Alongside the breach, the article provides a short Asia tech roundup: India’s software exports continued to grow (driven by private companies and gains in Europe), South Korea’s anti-spam campaign drastically reduced SMS spam volumes, NTT launched a unit for autonomous-driving services, and smartphone sales in China slipped further despite a brief bump after the iPhone 17 launch. Google denied plans for an AI datacentre on Christmas Island.
Context and relevance
Why this matters: if authentic, the Knownsec leak would be notable for exposing state-linked offensive tooling and concrete target lists — information that could shift threat assessments and diplomatic responses. The presence of cross-platform RATs and telecom/immigration datasets increases the potential for privacy harms, targeted espionage and secondary exploitation by other actors.
For security teams and national CERTs: the report suggests immediate actions — hunt for the RAT indicators, scrutinise inbound campaigns that could reuse leaked code, validate if your organisation or constituents are named among the targets, and coordinate with providers (GitHub, cloud hosts) and affected partners to contain and remediate exposures.
Author style
Punchy: This isn’t just another breach — it’s a potentially explosive mix of offensive tooling, verified hits and large, sensitive datasets. If you’re responsible for security, telecoms, or national infrastructure, the detail here is highly relevant and worth following up on urgently.
Why should I read this?
Because this one’s the sort of leak that changes the game — weapons, target lists and big piles of user data. If you care about who’s targeting whom, whether state-linked tools are circulating, or whether your sector could be next, skim the details and act. We’ve sifted the noise: this is the bit to keep an eye on.
Source
Source: https://go.theregister.com/feed/www.theregister.com/2025/11/09/asia_tech_news_roundup/
