CAS
Company Details
Linkedin ID:
chinese-academy-of-sciences
Website:
Employees number:
14,863
Number of followers:
66,403
NAICS:
5417
Industry Type:
Homepage:
cas.cn
IP Addresses:
0
Company ID:
CHI_8631860
Scan Status:
In-progress
Chinese Academy of Sciences Company CyberSecurity Posture
cas.cn
The Chinese Academy of Sciences (CAS) is the lead national scientific institution in natural sciences and high technology development in China and the country's supreme scientific advisory body. It incorporates three major parts: a comprehensive research and development network consisting of 104 research institutes, a traditional merit-based national academy as represented by its Academic Divisions and a system of higher education based on its affiliated 3 universities and the support of its research institutes. CAS has served as the major national strategic research force since founding in November 1949 and has left its deep footprints in Chinese S&T and the overall development of China's national innovation system.
Chinese Academy of Sciences A.I CyberSecurity Scoring
CAS Risk Score (AI oriented)Between 750 and 799
CAS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CAS Global Score (TPRM)XXXX
CAS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CAS Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Bangladeshi Government and Chinese Government: Expanding Bitter APT operation exposed
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Bitter APT Expands Cyberespionage Campaigns with Sophisticated Tools and Targets The advanced persistent threat (APT) group Bitter (also known as TA397, APT-C-08, Orange Yali, and Hazy Tiger), linked to the Indian government, has intensified its cyberespionage operations. According to a joint analysis by Proofpoint and Threatray, the group has launched spear-phishing attacks impersonating government and diplomatic entities from Bangladesh, Pakistan, China, and South Korea, aiming to deploy malicious payloads. Bitter’s recent campaigns have leveraged multiple tools, including: - KugelBlitz and BDarkRAT payloads for system compromise. - ArtraDownloader, which deploys the WSCSPL backdoor for system data exfiltration. - Almond RAT and MuuyDownloader trojans for remote access and persistence. - ORPCBackdoor, previously associated with the Mysterious Elephant threat actor another group tied to Indian APTs SideWinder and Confucius. - KiwiStealer, an information-stealing malware designed to harvest sensitive data. The findings highlight Bitter’s evolving tactics, combining social engineering with a diverse arsenal of malware to conduct targeted espionage. The group’s infrastructure and toolset suggest continued alignment with state-sponsored objectives.
CAS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CAS
Incidents vs Research Services Industry Average (This Year)
No incidents recorded for Chinese Academy of Sciences in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Chinese Academy of Sciences in 2026.
Incident Types CAS vs Research Services Industry Avg (This Year)
No incidents recorded for Chinese Academy of Sciences in 2026.
Incident History — CAS (X = Date, Y = Severity)
CAS cyber incidents detection timeline including parent company and subsidiaries
CAS Company Subsidiaries
The Chinese Academy of Sciences (CAS) is the lead national scientific institution in natural sciences and high technology development in China and the country's supreme scientific advisory body. It incorporates three major parts: a comprehensive research and development network consisting of 104 research institutes, a traditional merit-based national academy as represented by its Academic Divisions and a system of higher education based on its affiliated 3 universities and the support of its research institutes. CAS has served as the major national strategic research force since founding in November 1949 and has left its deep footprints in Chinese S&T and the overall development of China's national innovation system.
Loading...
CAS Similar Companies
The University of Edinburgh
Imagine what you could do at a world-leading university that is globally recognised for its teaching, research and innovation. The University of Edinburgh has been providing students with world-class teaching for more than 425 years, unlocking the potential of some of the world's leading thinkers
Utrecht University
At Utrecht University (UU), we are working towards a better world. We do this by researching complex issues beyond the borders of disciplines. We put thinkers in contact with doers, so new insights can be applied. We give students the space to develop themselves. In so doing, we make substantial con
UCL
UCL (University College London) is London's leading multidisciplinary university, ranked 9th in the QS World University Rankings. Established in 1826 UCL opened up education in England for the first time to students of any race, class or religion and was also the first university to welcome female
The PPD™ clinical research business of Thermo Fisher Scientific, the world leader in serving science, enables customers to accelerate innovation and drug development through patient-centered strategies and data analytics. Our services, which span multiple therapeutic areas, include early development
Technical University of Munich
Our university combines top-class facilities for cutting-edge research with unique learning opportunities for 52,000 students. Whether our researchers are investigating the origins of life, matter and the universe or looking for solutions to the major challenges for our society, people lie at the he
King's College London
King’s College London is amongst the top 40 universities in the world and top 10 in Europe (THE World University Rankings 2024), and one of England’s oldest and most prestigious universities. With an outstanding reputation for world-class teaching and cutting-edge research, King’s maintained its si
CNRS
The French National Centre for Scientific Research is among the world's leading research institutions. Its scientists explore the living world, matter, the Universe, and the functioning of human societies in order to meet the major challenges of today and tomorrow. Internationally recognised for the
CEA
The CEA is the French Alternative Energies and Atomic Energy Commission ("Commissariat à l'énergie atomique et aux énergies alternatives"). It is a public body established in October 1945 by General de Gaulle. A leader in research, development and innovation, the CEA mission statement has two main
Los Alamos National Laboratory
Los Alamos National Laboratory is one of the world’s most innovative multidisciplinary research institutions. We're engaged in strategic science on behalf of national security to ensure the safety and reliability of the U.S. nuclear stockpile. Our workforce specializes in a wide range of progressive
.png)
CAS CyberSecurity News
January 07, 2026 08:00 AM
Researchers Manipulate Stolen Data to Corrupt AI Models and Generate Inaccurate Outputs
Researchers from the Chinese Academy of Sciences and Nanyang Technological University have introduced AURA, a novel framework to safeguard...
December 11, 2025 08:00 AM
UK sanctions on Chinese entities draw criticism
China has condemned the United Kingdom for political manipulation under the guise of cybersecurity, urging London to revoke sanctions on...
November 29, 2025 08:00 AM
The Philippines: Initiatives to Boost Cybersecurity and Online Safety
Two DICT–UPDEPPO initiatives aim to boost online safety and expand the country's cybersecurity workforce as part of its broader national...
November 19, 2025 08:00 AM
Beijing’s Cyber Siege: Decoding China’s Accusations of U.S. Attacks on Vital Infrastructure
In the escalating digital arms race between superpowers, China has leveled explosive accusations against the United States,...
November 06, 2025 08:00 AM
American cyberattack on China’s time network
China's National Time Service Center at the Chinese Academy of Sciences has become the target of a large-scale cyberespionage campaign...
October 20, 2025 07:00 AM
MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems
China claims the NSA led a 2022 cyberattack on its National Time Service Center using 42 tools.
October 20, 2025 07:00 AM
China accuses US of cyber breaches at national time centre
The ministry said it found evidence tracing stolen data and credentials as far back as 2022.
October 20, 2025 07:00 AM
Beijing alleges US hacked China’s National Time Service Centre in long-term cyber campaign
Beijing has alleged that the US National Security Agency carried out long-term cyberattacks on China's National Time Service Centre,...
October 20, 2025 07:00 AM
Cyber aggression part and parcel of hegemony: China Daily editorial
In a revelation that puts the spotlight on the cyber warfare waged by the United States, China's state security authorities announced they...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CAS CyberSecurity History Information
Official Website of Chinese Academy of Sciences
The official website of Chinese Academy of Sciences is http://english.cas.cn/.
Chinese Academy of Sciences’s AI-Generated Cybersecurity Score
According to Rankiteo, Chinese Academy of Sciences’s AI-generated cybersecurity score is 760, reflecting their Fair security posture.
How many security badges does Chinese Academy of Sciences’ have ?
According to Rankiteo, Chinese Academy of Sciences currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Chinese Academy of Sciences been affected by any supply chain cyber incidents ?
According to Rankiteo, Chinese Academy of Sciences has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Chinese Academy of Sciences have SOC 2 Type 1 certification ?
According to Rankiteo, Chinese Academy of Sciences is not certified under SOC 2 Type 1.
Does Chinese Academy of Sciences have SOC 2 Type 2 certification ?
According to Rankiteo, Chinese Academy of Sciences does not hold a SOC 2 Type 2 certification.
Does Chinese Academy of Sciences comply with GDPR ?
According to Rankiteo, Chinese Academy of Sciences is not listed as GDPR compliant.
Does Chinese Academy of Sciences have PCI DSS certification ?
According to Rankiteo, Chinese Academy of Sciences does not currently maintain PCI DSS compliance.
Does Chinese Academy of Sciences comply with HIPAA ?
According to Rankiteo, Chinese Academy of Sciences is not compliant with HIPAA regulations.
Does Chinese Academy of Sciences have ISO 27001 certification ?
According to Rankiteo,Chinese Academy of Sciences is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Chinese Academy of Sciences
Chinese Academy of Sciences operates primarily in the Research Services industry.
Number of Employees at Chinese Academy of Sciences
Chinese Academy of Sciences employs approximately 14,863 people worldwide.
Subsidiaries Owned by Chinese Academy of Sciences
Chinese Academy of Sciences presently has no subsidiaries across any sectors.
Chinese Academy of Sciences’s LinkedIn Followers
Chinese Academy of Sciences’s official LinkedIn profile has approximately 66,403 followers.
NAICS Classification of Chinese Academy of Sciences
Chinese Academy of Sciences is classified under the NAICS code 5417, which corresponds to Scientific Research and Development Services.
Chinese Academy of Sciences’s Presence on Crunchbase
No, Chinese Academy of Sciences does not have a profile on Crunchbase.
Chinese Academy of Sciences’s Presence on LinkedIn
Yes, Chinese Academy of Sciences maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/chinese-academy-of-sciences.
Cybersecurity Incidents Involving Chinese Academy of Sciences
As of January 21, 2026, Rankiteo reports that Chinese Academy of Sciences has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Chinese Academy of Sciences has an estimated 5,263 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Chinese Academy of Sciences ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: Bitter APT Cyberespionage Campaigns
Description: More expansive cyberespionage campaigns have been launched by the advanced persistent threat operation Bitter, associated with the Indian government. The group, also known as TA397, APT-C-08, Orange Yali, and Hazy Tiger, deployed spear-phishing attacks impersonating Bangladeshi, Pakistani, Chinese, and South Korean governments and diplomatic entities, as well as malicious intrusions to deliver KugelBlitz and BDarkRAT payloads. The campaign involved multiple tools, including ArtraDownloader, WSCSPL backdoor, Almond RAT, MuuyDownloader trojans, ORPCBackdoor, and KiwiStealer information-stealing malware.
Type: Cyberespionage
Attack Vector: Spear-phishingMalicious intrusions
Threat Actor: Bitter (TA397, APT-C-08, Orange Yali, Hazy Tiger)
Motivation: Cyberespionage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyberespionage GOVCHI1766628286
Data Compromised: System data, sensitive information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are System Data, Sensitive Information and .
Which entities were affected by each incident ?
Incident : Cyberespionage GOVCHI1766628286
Entity Name: Bangladeshi government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: Bangladesh
Incident : Cyberespionage GOVCHI1766628286
Entity Name: Pakistani government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: Pakistan
Incident : Cyberespionage GOVCHI1766628286
Entity Name: Chinese government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: China
Incident : Cyberespionage GOVCHI1766628286
Entity Name: South Korean government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: South Korea
Data Breach Information
What type of data was compromised in each breach ?
Incident : Cyberespionage GOVCHI1766628286
Type of Data Compromised: System data, Sensitive information
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Cyberespionage GOVCHI1766628286
Source: The Hacker News
Incident : Cyberespionage GOVCHI1766628286
Source: Proofpoint and Threatray joint analysis
Incident : Cyberespionage GOVCHI1766628286
Source: Knownsec 404 Team
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: The Hacker News, and Source: Proofpoint and Threatray joint analysis, and Source: Knownsec 404 Team.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Bitter (TA397, APT-C-08, Orange Yali and Hazy Tiger).
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were System data and sensitive information.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were System data and sensitive information.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are The Hacker News, Knownsec 404 Team and Proofpoint and Threatray joint analysis.
.png)
Latest Global CVEs (Not Company-Specific)
Description
SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler. Root causeThe commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution. ImpactThis vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to: * Run any shell command. * Exfiltrate environment variables. * Compromise the CI runner to install backdoors or modify build artifacts. Credits Disclosed responsibly by kny4hacker. Mitigation * Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher. * Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher. * Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
Risk Information
cvss3
Base: 8.1
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=chinese-academy-of-sciences' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
