
Knownsec was founded in August 2007 and received a further large-scale strategic investment from Tencent in 2015. We have over 900 employees and have set up offices and branches nationwide (including Hong Kong). Since 2015, Knownsec has continuously launched dozens of security products. On top of these products we have built a cloud security defense platform, forming a set of solutions that runs from website protection to acceleration and on to commercial brand protection. In security monitoring, we have likewise built a capability that runs from regional asset discovery to vulnerability and threat detection and on to comprehensive acquisition of the attack situation. China Merchants Bank, CITIC Securities, Guangfa Securities, Tencent, Jingdong, Toutiao, Weibo, tremolo, Bitland, Firecoin, Hexun and Yunnan Satellite TV are all our customers.

Beijing Zhidao Chuangyu Information Technology Co., Ltd. A.I CyberSecurity Scoring

BZCITCL

Company Details

Linkedin ID: knownsec
Employees number: 179
Number of followers: 237
NAICS: 541514
Industry Type: Computer and Network Security
Homepage: knownsec.com
IP Addresses: 0
Company ID: BEI_8745213
Scan Status: In-progress

BZCITCL Risk Score (AI oriented): Between 0 and 549

BZCITCL Global Score (TPRM): XXXX
BZCITCL Company CyberSecurity News & History

Past Incidents: 3
Attack Types: 1

KnownSec (Beijing Zhidao Chuangyu Information Technology Co., Ltd)
Type: Breach
Severity: 100
Impact: 5
Seen: 6/2024
Rankiteo Explanation: Attack threatening the organization's existence

Description: KnownSec, a major Chinese cybersecurity firm linked to state-directed operations, suffered a significant breach exposing over **12,000 internal documents**, including **blueprints for advanced malware, remote access tools, and hardware implants** (e.g., malicious USB chargers). The leak revealed **95GB of Indian immigration data** (allegedly stolen in 2024), **digital infrastructure maps of India**, and **target lists spanning 20+ countries** (India, Japan, UK, etc.). Compromised files also included **source code for surveillance tools** capable of extracting chat histories from WeChat, QQ, and Telegram, alongside evidence of **long-term Chinese interest in Indian government and border systems**. The breach—**not ransomware-related**—lacked financial motives, suggesting an **insider or ideological attack**. While China dismissed reports as 'groundless,' leaked memos indicated internal damage control. Experts warn the exposed tools could be **repurposed by criminal or state actors**, posing risks to global cybersecurity. For India, the incident underscores vulnerabilities in **critical immigration and defense-related data**, with potential **geopolitical and espionage implications** given KnownSec’s ties to Chinese military initiatives (e.g., US DoD blacklisting in 2024).

Knownsec
Type: Breach
Severity: 100
Impact: 6
Seen: 5/2025
Rankiteo Explanation: Attack threatening the economy of geographical region

Description: Knownsec, a Beijing-based cybersecurity firm with reported ties to the Chinese military, suffered a **massive data breach** exposing over **12,000 confidential documents**. The leaked files allegedly include sensitive details about **state-linked hacking operations**, potentially compromising intelligence methodologies, tools, and operational strategies used by Chinese cyber units. The breach not only risks exposing **government-affiliated cyber activities** but also undermines trust in Knownsec’s ability to secure critical data. Given the firm’s military connections, the incident could have **geopolitical repercussions**, including counterintelligence responses from adversarial nations. The exposure of such documents may enable foreign actors to **reverse-engineer attack techniques**, identify vulnerabilities in Chinese cyber infrastructure, or attribute past incidents more accurately. The reputational damage to Knownsec is severe, as clients—including state entities—may question its competence in safeguarding high-stakes information. The breach’s scale and the nature of the exposed data suggest **long-term strategic consequences** beyond immediate operational fallout.

Knownsec (Chuangyu)
Type: Breach
Severity: 100
Impact: 6
Seen: 6/2023
Rankiteo Explanation: Attack threatening the economy of geographical region

Description: A major data breach at **Knownsec (Chuangyu)**, a prominent Chinese cybersecurity firm with ties to government-backed hacking operations, exposed over **12,000 confidential files** on GitHub in early November 2025. The leaked documents revealed China’s state-sponsored cyber espionage tools, including **Remote Access Trojans (RATs)**, Android malware targeting messaging apps (e.g., Telegram), and even a **malicious power bank** designed to exfiltrate data while charging devices. The breach compromised **95GB of Indian immigration records**, **3TB of South Korean call logs (LG U Plus)**, and **459GB of Taiwanese transport data**, alongside evidence of attacks on **80 foreign organizations**, primarily critical infrastructure like telecom firms. The leak also exposed a list of **20+ targeted countries**, including Japan, Vietnam, the UK, and Nigeria, confirming Knownsec’s role in developing cyber weapons and maintaining international surveillance databases. While the files were quickly removed, traces suggest the initial theft may date back to **2023**. The Chinese government denied knowledge of the breach but did not refute state-affiliated cyber activities. Experts emphasize the incident underscores the inadequacy of traditional defenses (e.g., antivirus, firewalls) against **state-level threats**, advocating for **multi-layered security strategies**.

BZCITCL Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months: Incident predictions locked (Access Monitoring Plan)

A.I. Risk Score Likelihood 3 - 6 - 9 months: A.I. Risk Score predictions locked (Access Monitoring Plan)

Underwriter Stats for BZCITCL

Incidents vs Computer and Network Security Industry Average (This Year)

Beijing Zhidao Chuangyu Information Technology Co., Ltd. has 112.77% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Beijing Zhidao Chuangyu Information Technology Co., Ltd. has 56.25% more incidents than the average of all companies with at least one recorded incident.

Incident Types BZCITCL vs Computer and Network Security Industry Avg (This Year)

Beijing Zhidao Chuangyu Information Technology Co., Ltd. reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — BZCITCL (X = Date, Y = Severity)

BZCITCL cyber incidents detection timeline including parent company and subsidiaries

BZCITCL Company Subsidiaries


BZCITCL Similar Companies

CrowdStrike

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s


BZCITCL CyberSecurity News

November 22, 2025 09:03 AM
Did China access Indian immigration and border data? What the breach of cybersecurity firm KnownSec revealed

One of China's most important cybersecurity firms has been breached, revealing information about India stored on its servers.

October 12, 2022 07:00 AM
DOD Releases New List of Section 889 Banned Entities | PilieroMazza PLLC

Section 889 is a broad prohibition to the use of any covered Chinese technology posing a threat to US cybersecurity and national security.

October 06, 2022 07:00 AM
Pentagon’s list of Chinese military-linked companies operating in the U.S. grows

The world's biggest consumer drone-maker Shenzhen-based DJI Technology and China's top genetics firm BGI are among more than a dozen companies the Defense...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

BZCITCL CyberSecurity History Information

Official Website of Beijing Zhidao Chuangyu Information Technology Co., Ltd.

The official website of Beijing Zhidao Chuangyu Information Technology Co., Ltd. is https://www.knownsec.com.

Beijing Zhidao Chuangyu Information Technology Co., Ltd.’s AI-Generated Cybersecurity Score

According to Rankiteo, Beijing Zhidao Chuangyu Information Technology Co., Ltd.’s AI-generated cybersecurity score is 537, reflecting their Critical security posture.

How many security badges does Beijing Zhidao Chuangyu Information Technology Co., Ltd. have?

According to Rankiteo, Beijing Zhidao Chuangyu Information Technology Co., Ltd. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Beijing Zhidao Chuangyu Information Technology Co., Ltd. have SOC 2 Type 1 certification?

According to Rankiteo, Beijing Zhidao Chuangyu Information Technology Co., Ltd. is not certified under SOC 2 Type 1.

Does Beijing Zhidao Chuangyu Information Technology Co., Ltd. have SOC 2 Type 2 certification?

According to Rankiteo, Beijing Zhidao Chuangyu Information Technology Co., Ltd. does not hold a SOC 2 Type 2 certification.

Does Beijing Zhidao Chuangyu Information Technology Co., Ltd. comply with GDPR?

According to Rankiteo, Beijing Zhidao Chuangyu Information Technology Co., Ltd. is not listed as GDPR compliant.

Does Beijing Zhidao Chuangyu Information Technology Co., Ltd. have PCI DSS certification?

According to Rankiteo, Beijing Zhidao Chuangyu Information Technology Co., Ltd. does not currently maintain PCI DSS compliance.

Does Beijing Zhidao Chuangyu Information Technology Co., Ltd. comply with HIPAA?

According to Rankiteo, Beijing Zhidao Chuangyu Information Technology Co., Ltd. is not compliant with HIPAA regulations.

Does Beijing Zhidao Chuangyu Information Technology Co., Ltd. have ISO 27001 certification?

According to Rankiteo, Beijing Zhidao Chuangyu Information Technology Co., Ltd. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Beijing Zhidao Chuangyu Information Technology Co., Ltd.

Beijing Zhidao Chuangyu Information Technology Co., Ltd. operates primarily in the Computer and Network Security industry.

Number of Employees at Beijing Zhidao Chuangyu Information Technology Co., Ltd.

Beijing Zhidao Chuangyu Information Technology Co., Ltd. employs approximately 179 people worldwide.

Subsidiaries Owned by Beijing Zhidao Chuangyu Information Technology Co., Ltd.

Beijing Zhidao Chuangyu Information Technology Co., Ltd. presently has no subsidiaries across any sectors.

Beijing Zhidao Chuangyu Information Technology Co., Ltd.’s LinkedIn Followers

Beijing Zhidao Chuangyu Information Technology Co., Ltd.’s official LinkedIn profile has approximately 237 followers.

NAICS Classification of Beijing Zhidao Chuangyu Information Technology Co., Ltd.

Beijing Zhidao Chuangyu Information Technology Co., Ltd. is classified under the NAICS code 541514, which corresponds to Others.

Beijing Zhidao Chuangyu Information Technology Co., Ltd.’s Presence on Crunchbase

No, Beijing Zhidao Chuangyu Information Technology Co., Ltd. does not have a profile on Crunchbase.

Beijing Zhidao Chuangyu Information Technology Co., Ltd.’s Presence on LinkedIn

Yes, Beijing Zhidao Chuangyu Information Technology Co., Ltd. maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/knownsec.

Cybersecurity Incidents Involving Beijing Zhidao Chuangyu Information Technology Co., Ltd.

As of December 04, 2025, Rankiteo reports that Beijing Zhidao Chuangyu Information Technology Co., Ltd. has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

Beijing Zhidao Chuangyu Information Technology Co., Ltd. has an estimated 2,928 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Beijing Zhidao Chuangyu Information Technology Co., Ltd.?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does Beijing Zhidao Chuangyu Information Technology Co., Ltd. detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with internal containment (per leaked memos); containment measures consisting of the removal of leaked files from GitHub, dark web monitoring, and no official confirmation of further actions; a communication strategy of no public statement by Knownsec, while China denied the breach as 'groundless' and the Chinese Foreign Ministry denied knowledge of the breach without refuting state-associated cyber intelligence work; and enhanced monitoring, in that security experts recommend layered defenses beyond antivirus/firewalls.

Incident Details

Can you provide details on each incident?

Incident : Data Breach

Title: Knownsec Massive Data Breach Exposing State-Linked Hacking Operations

Description: A major cybersecurity incident in China exposed more than 12,000 confidential documents from Knownsec, a Beijing-based information security company with links to the Chinese military.

Type: Data Breach

Incident : Data Breach

Title: KnownSec Data Breach Exposing India's Immigration Records and Offensive Cyber Capabilities

Description: One of China’s most important cybersecurity firms, KnownSec (Beijing Zhidao Chuangyu Information Technology Co., Ltd), was breached, revealing internal documents, advanced malware blueprints, and data on India’s immigration records. The breach exposed over 12,000 files, including state-aligned hacking operations targeting over 20 countries, with India being a primary focus. The leaked data included source code for malware, remote access tools, hardware implants (e.g., malicious USB chargers), and reconnaissance tools like ZoomEye. The incident suggests an insider or ideological motive, with no ransom demand. China denied the breach, while KnownSec remained silent. The exposure highlights risks to India’s cyber defenses and global implications of China’s offensive cyber capabilities.

Date Detected: 2024-05-01T00:00:00Z

Date Publicly Disclosed: 2024-05-01T00:00:00Z

Type: Data Breach

Attack Vector: Insider Threat; Unauthorized Access; Data Exfiltration

Threat Actor: Unknown (Suspected Insider or Ideological Actor); Potential State-Sponsored Affiliation

Motivation: Espionage; Geopolitical Intelligence; Non-Financial (No Ransom Demand)

Incident : Data Leak

Title: Major Data Leak at Chinese Security Firm Knownsec (Chuangyu)

Description: A significant data leak at Knownsec (Chuangyu), a major Chinese cybersecurity firm, exposed over 12,000 secret files on GitHub around November 2, 2025. The files revealed details of China’s government-backed hacking tools, operations, and international targets, including critical infrastructure in over 20 countries. The breach included 95GB of Indian immigration records, 3TB of South Korean call logs (LG U Plus), and 459GB of Taiwanese transport data. The leak also exposed advanced hacking tools like Remote Access Trojans (RATs), Android spyware for apps like Telegram, and a malicious power bank designed for covert data exfiltration. The Chinese government denied knowledge of the breach but did not refute state-associated cyber intelligence activities.

Date Detected: 2025-11-02

Date Publicly Disclosed: 2025-11-02

Type: Data Leak

Attack Vector: Insider Threat (suspected); Unauthorized Data Exposure (GitHub); Potential State-Sponsored Theft (2023)

Motivation: Espionage; Intelligence Gathering; Cyber Warfare Preparation

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents as a potential insider (2023 theft) and a GitHub repository misconfiguration (2025 leak).

Impact of the Incidents

What was the impact of each incident?

Incident : Data Breach KNO4133041111125

Data Compromised: 12,000+ confidential documents

Brand Reputation Impact: High (exposure of state-linked operations)

Incident : Data Breach KNO3634336111325

Data Compromised: 12,000+ internal documents, 95 GB of Indian immigration data (allegedly stolen in 2024), blueprints/source code for advanced malware, remote access tools, hardware implants (e.g., malicious USB chargers/power banks), digital infrastructure maps of India, target lists spanning Asia, Europe, and Africa, chat histories from WeChat, QQ, and Telegram, ZoomEye reconnaissance data

Systems Affected: KnownSec’s secure servers; GitHub (briefly hosted leaked files)

Operational Impact: Exposure of China’s offensive cyber capabilities; risk of repurposed tools by criminal/state actors; potential compromise of Indian government networks/border systems; internal containment efforts by KnownSec (per leaked memos)

Brand Reputation Impact: Damage to KnownSec’s credibility; geopolitical tensions (e.g., US DoD blacklisting); India’s heightened cybersecurity concerns

Identity Theft Risk: High (immigration data exposure)

Incident : Data Leak KNO5392653111425

Data Compromised: 95 GB of Indian immigration records, 3 TB of South Korean call logs (LG U Plus), 459 GB of Taiwanese transport data, hacking tools (RATs, Android spyware, malicious power bank), list of 80 foreign organizations targeted (critical infrastructure), details of attacks on 20+ countries/regions

Operational Impact: Exposure of state-backed cyber operations; compromise of national security tools; reputation damage to Knownsec and the Chinese cybersecurity sector

Brand Reputation Impact: Severe damage to Knownsec's credibility; erosion of trust in Chinese cybersecurity firms; international scrutiny of China's cyber activities

Identity Theft Risk: High (given PII in immigration records); potential misuse of call logs and transport data

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are confidential documents, state-linked hacking operations, immigration records (95 GB), malware source code, reconnaissance data (ZoomEye), target lists (80+ organizations), chat histories, digital infrastructure maps, government hacking tools (RATs, spyware), telecom call logs (3 TB), transport data (459 GB), and attack methodologies.

Which entities were affected by each incident?

Incident : Data Breach KNO4133041111125

Entity Name: Knownsec

Entity Type: Cybersecurity Firm

Industry: Information Security

Location: Beijing, China

Incident : Data Breach KNO3634336111325

Entity Name: KnownSec (Beijing Zhidao Chuangyu Information Technology Co., Ltd)

Entity Type: Private Cybersecurity Firm

Industry: Cybersecurity/Defense

Location: Beijing, China

Customers Affected: Indian government, Entities in 20+ countries (e.g., Japan, Vietnam, UK)

Incident : Data Breach KNO3634336111325

Entity Name: Government of India

Entity Type: National Government

Industry: Public Sector

Location: India

Customers Affected: Indian citizens (immigration data exposure)

Incident : Data Leak KNO5392653111425

Entity Name: Knownsec (Chuangyu)

Entity Type: Private Cybersecurity Firm

Industry: Cybersecurity

Location: China

Size: Large (backed by Tencent since 2015)

Incident : Data Leak KNO5392653111425

Entity Name: Government of India

Entity Type: Government

Industry: Public Sector

Location: India

Customers Affected: Citizens (immigration records)

Incident : Data Leak KNO5392653111425

Entity Name: LG U Plus

Entity Type: Telecommunications Company

Industry: Telecom

Location: South Korea

Customers Affected: Subscribers (call logs)

Incident : Data Leak KNO5392653111425

Entity Name: Taiwanese Transport Authorities

Entity Type: Government Agency

Industry: Transportation

Location: Taiwan

Incident : Data Leak KNO5392653111425

Entity Name: 80+ Foreign Organizations (Critical Infrastructure)

Entity Type: Telecommunications, Government, Energy, Other Sectors

Industry: Multiple

Location: Japan; Vietnam; India; Indonesia; Nigeria; United Kingdom; Others (20+ countries)

Response to the Incidents

What measures were taken in response to each incident?

Incident : Data Breach KNO3634336111325

Incident Response Plan Activated: Internal containment (per leaked memos)

Containment Measures: Removal of leaked files from GitHub; dark web monitoring

Communication Strategy: No public statement by KnownSec; China denied breach as 'groundless'

Incident : Data Leak KNO5392653111425

Containment Measures: Files removed from GitHub; no official confirmation of further actions

Communication Strategy: Chinese Foreign Ministry denial of breach knowledge; no refutation of state-associated cyber intelligence work

Enhanced Monitoring: Security experts recommend layered defenses beyond antivirus/firewalls

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as internal containment (per leaked memos).

Data Breach Information

What type of data was compromised in each breach?

Incident : Data Breach KNO4133041111125

Type of Data Compromised: Confidential documents, State-linked hacking operations

Number of Records Exposed: 12,000+

Sensitivity of Data: High (military-linked operations)

Data Exfiltration: Yes

Incident : Data Breach KNO3634336111325

Type of Data Compromised: Immigration records, malware source code, reconnaissance data (ZoomEye), target lists, chat histories, digital infrastructure maps

Number of Records Exposed: 12,000+ files (including 95 GB of Indian data)

Sensitivity of Data: High (state-aligned hacking operations, PII, government targets)

File Types Exposed: Documents; spreadsheets; source code; blueprints; databases

Incident : Data Leak KNO5392653111425

Type of Data Compromised: Government hacking tools (RATs, spyware), immigration records (95 GB), telecom call logs (3 TB), transport data (459 GB), target lists (80+ organizations), attack methodologies

Number of Records Exposed: 12,000+ files (total volume: ~3.5TB+)

Sensitivity of Data: Top Secret (cyber weapons); High (PII, call logs, transport data); Confidential (target lists)

Data Exfiltration: Confirmed (via GitHub); potential earlier exfiltration (2023)

File Types Exposed: Documents; spreadsheets; hacking tool binaries; databases; code repositories

Personally Identifiable Information: Immigration records (India); call logs (South Korea); potential chat app data (Telegram, Chinese apps)

How does the company handle incidents involving personally identifiable information (PII)?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through removal of leaked files from GitHub and dark web monitoring; for the later leak, files were removed from GitHub with no official confirmation of further actions.

Ransomware Information

Was ransomware involved in any of the incidents?

Incident : Data Breach KNO3634336111325

Data Exfiltration: True

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident?

Incident : Data Breach KNO3634336111325

Legal Actions: US DoD blacklisting (January 2024)

How does the company ensure compliance with regulatory requirements?

Ensuring Regulatory Compliance: No compliance measures are recorded for the company; the only regulatory action listed is the US DoD blacklisting (January 2024).

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident : Data Breach KNO3634336111325

Lessons Learned: Need for stronger cyber defenses in India, Risks of private firms in state-directed cyber operations, Vulnerability of reconnaissance tools (e.g., ZoomEye) to exposure, Importance of insider threat mitigation

Incident : Data Leak KNO5392653111425

Lessons Learned: Private cybersecurity firms can be deeply entangled in state-sponsored operations, creating significant risks if breached. GitHub and public repositories require stricter monitoring for sensitive data leaks. Advanced hacking tools (e.g., RATs, spyware, malicious hardware) pose evolving threats beyond traditional malware. Critical infrastructure in multiple countries is actively targeted by state-associated actors. Basic antivirus/firewalls are insufficient; layered defenses (e.g., network segmentation, behavioral analysis) are essential.

What recommendations were made to prevent future incidents ?

Incident : Data Breach KNO3634336111325

Recommendations: Enhance monitoring of Chinese cybersecurity firms, Strengthen India’s immigration data protection, Conduct forensic analysis of leaked tools for indicators of compromise (IoCs), Improve international collaboration on cyber espionage threatsEnhance monitoring of Chinese cybersecurity firms, Strengthen India’s immigration data protection, Conduct forensic analysis of leaked tools for indicators of compromise (IoCs), Improve international collaboration on cyber espionage threatsEnhance monitoring of Chinese cybersecurity firms, Strengthen India’s immigration data protection, Conduct forensic analysis of leaked tools for indicators of compromise (IoCs), Improve international collaboration on cyber espionage threatsEnhance monitoring of Chinese cybersecurity firms, Strengthen India’s immigration data protection, Conduct forensic analysis of leaked tools for indicators of compromise (IoCs), Improve international collaboration on cyber espionage threats

Incident : Data Leak KNO5392653111425

Recommendations: Implement zero-trust architectures and continuous network monitoring; enhance insider threat detection and access controls for sensitive projects; conduct regular audits of third-party code repositories for exposed secrets; develop international norms for cybersecurity firms’ involvement in state operations; invest in threat intelligence sharing to counter cross-border cyber espionage.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: the need for stronger cyber defenses in India; the risks of private firms in state-directed cyber operations; the vulnerability of reconnaissance tools (e.g., ZoomEye) to exposure; the importance of insider threat mitigation; that private cybersecurity firms can be deeply entangled in state-sponsored operations, creating significant risks if breached; that GitHub and public repositories require stricter monitoring for sensitive data leaks; that advanced hacking tools (e.g., RATs, spyware, malicious hardware) pose evolving threats beyond traditional malware; that critical infrastructure in multiple countries is actively targeted by state-associated actors; and that basic antivirus/firewalls are insufficient, so layered defenses (e.g., network segmentation, behavioral analysis) are essential.

References

Where can I find more information about each incident ?

Incident : Data Breach KNO3634336111325

Source: WION (World Is One News)

URL: https://www.wionews.com

Date Accessed: 2024-05-01

Incident : Data Leak KNO5392653111425

Source: Mrxn (Chinese News Outlet)

Incident : Data Leak KNO5392653111425

Source: International Cyber Digest (X/Twitter)

Incident : Data Leak KNO5392653111425

Source: Chinese Foreign Ministry Statement

Date Accessed: 2025-11-02 (estimated)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: WION (World Is One News), https://www.wionews.com, accessed 2024-05-01; Mrxn (Chinese News Outlet); International Cyber Digest (X/Twitter); and the Chinese Foreign Ministry Statement, accessed 2025-11-02 (estimated).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach KNO3634336111325

Investigation Status: Ongoing (unofficial; no public updates from KnownSec or Chinese government)

Incident : Data Leak KNO5392653111425

Investigation Status: Ongoing (unofficial; Chinese government denies breach but acknowledges state-linked cyber activities)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through No Public Statement By Knownsec, China Denied Breach As 'Groundless', Chinese Foreign Ministry Denial Of Breach Knowledge and No Refutation Of State-Associated Cyber Intelligence Work.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach KNO3634336111325

High Value Targets: Indian Government Networks, Border Systems, 20+ Countries (Asia, Europe, Africa)

Data Sold on Dark Web: Indian Government Networks, Border Systems, 20+ Countries (Asia, Europe, Africa)

Incident : Data Leak KNO5392653111425

Entry Point: Potential Insider (2023 Theft), GitHub Repository Misconfiguration (2025 Leak)

Reconnaissance Period: Possibly years (since 2023)

High Value Targets: Government Hacking Tools, Lists Of International Targets (20+ Countries), Critical Infrastructure Data (Telecom, Transport)

Data Sold on Dark Web: Government Hacking Tools, Lists Of International Targets (20+ Countries), Critical Infrastructure Data (Telecom, Transport)

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach KNO3634336111325

Root Causes: Potential Insider Threat, Inadequate Access Controls, Lack Of Transparency In State-Private Cyber Collaborations

Incident : Data Leak KNO5392653111425

Root Causes: Likely Insider Threat Or Compromised Credentials (2023 Theft), Inadequate Protection Of Sensitive Files (GitHub Exposure), Blurred Lines Between Private Cybersecurity Work And State Operations

Corrective Actions: Unknown (No Official Response From Knownsec Or Chinese Government); Experts Recommend Overhauling Access Controls And Third-Party Risk Management

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: Security Experts Recommend Layered Defenses Beyond Antivirus/Firewalls.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Unknown (No Official Response From Knownsec Or Chinese Government); Experts Recommend Overhauling Access Controls And Third-Party Risk Management.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was Unknown (Suspected Insider or Ideological Actor); Potential State-Sponsored Affiliation.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2024-05-01T00:00:00Z.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-02.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were: 12,000+ confidential documents; 12,000+ internal documents; 95 GB of Indian immigration data (allegedly stolen in 2024); blueprints/source code for advanced malware; remote access tools; hardware implants (e.g., malicious USB chargers/power banks); digital infrastructure maps of India; target lists spanning Asia, Europe, and Africa; chat histories from WeChat, QQ, and Telegram; ZoomEye reconnaissance data; 95GB of Indian immigration records; 3TB of South Korean call logs (LG U Plus); 459GB of Taiwanese transport data; hacking tools (RATs, Android spyware, malicious power bank); a list of 80 foreign organizations targeted (critical infrastructure); and details of attacks on 20+ countries/regions.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was KnownSec’s secure servers; GitHub (briefly hosted leaked files).

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were: removal of leaked files from GitHub; dark web monitoring; files removed from GitHub; no official confirmation of further actions.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were: 12,000+ internal documents; 95GB of Indian immigration records; 95 GB of Indian immigration data (allegedly stolen in 2024); blueprints/source code for advanced malware; 3TB of South Korean call logs (LG U Plus); chat histories from WeChat, QQ, and Telegram; 459GB of Taiwanese transport data; hacking tools (RATs, Android spyware, malicious power bank); a list of 80 foreign organizations targeted (critical infrastructure); details of attacks on 20+ countries/regions; remote access tools; hardware implants (e.g., malicious USB chargers/power banks); ZoomEye reconnaissance data; target lists spanning Asia, Europe, and Africa; digital infrastructure maps of India; and 12,000+ confidential documents.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 36.1K.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was US DoD blacklisting (January 2024).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Basic antivirus/firewalls are insufficient; layered defenses (e.g., network segmentation, behavioral analysis) are essential.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: strengthen India’s immigration data protection; invest in threat intelligence sharing to counter cross-border cyber espionage; conduct regular audits of third-party code repositories for exposed secrets; implement zero-trust architectures and continuous network monitoring; improve international collaboration on cyber espionage threats; conduct forensic analysis of leaked tools for indicators of compromise (IoCs); enhance monitoring of Chinese cybersecurity firms; develop international norms for cybersecurity firms’ involvement in state operations; and enhance insider threat detection and access controls for sensitive projects.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are International Cyber Digest (X/Twitter), WION (World Is One News), Chinese Foreign Ministry Statement and Mrxn (Chinese News Outlet).

What is the most recent URL for additional resources on cybersecurity best practices ?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.wionews.com.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (unofficial; no public updates from KnownSec or Chinese government).

Initial Access Broker

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Possibly years (since 2023).

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were: potential insider threat; inadequate access controls; lack of transparency in state-private cyber collaborations; likely insider threat or compromised credentials (2023 theft); inadequate protection of sensitive files (GitHub exposure); blurred lines between private cybersecurity work and state operations.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Unknown (no official response from Knownsec or Chinese government); experts recommend overhauling access controls and third-party risk management.

cve

Latest Global CVEs (Not Company-Specific)

Description

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Risk Information
cvss3
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult, where pow5mult attempts to raise 5 to a ridiculously large power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Risk Information
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=knownsec' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.