🇨🇳 CN

Knownsec

Also known as: knownsec

Knownsec (also referred to as KnownSec; officially cited as Beijing Knownsec Information Technology Co., Ltd. / Beijing Zhidao Chuangyu Information Technology Co., Ltd.) is a major Chinese cybersecurity company described as having close ties to the Chinese government and military and operating as a cyber contractor for Chinese military and intelligence services. It is widely known in Western security circles for the ZoomEye IoT/internet search engine (internet-mapping/reconnaissance comparable to Shodan/Censys). Reporting summarized here centers on a major 2025 leak of roughly 12,000 internal documents allegedly tied to Knownsec. The leak is described as exposing internal documentation, government contract details, offensive tooling, and global targeting/collection activity. Multiple sources characterize the leaked tooling as including remote-access Trojans and data extraction/analysis programs; DomainTools’ analysis of the alleged leak references offensive products including GhostX, Un-Mail, and Passive Radar, described as supporting long-term access and capabilities such as exploitation, credential theft, email takeover/exfiltration, DNS hijack, administrative takeover, infrastructure control, and network reconstruction from PCAPs. Victimology/targeting described in the leak reporting includes a “targets list” of more than 80 organizations and claimed collection across many countries and sectors, including foreign government, telecom, financial, and energy networks. Specific claimed datasets mentioned include 95 GB of Indian immigration records, 3 TB of South Korean call logs (LG U-Plus), and 459 GB of Taiwanese road/transport planning data; additional mentions include passwords for Taiwanese Yahoo accounts and Brazilian LinkedIn-related data. The leak is also described as indicating broad monitoring/mapping of global infrastructure (e.g., a critical infrastructure target database and large-scale tracking of agencies, IPs, and domains). 
Organizationally, Knownsec is described as founded by first-generation “patriotic hackers” and as having an internal team referenced as “404 Team (SeeBug)” specializing in vulnerability research and offensive operations. The company is described as collaborating with Chinese law enforcement and other state entities, and as receiving government funding for cyber operations-related projects. The U.S. government is reported to have identified Knownsec as a Chinese Military Company and placed it on an export restriction entity list. Regarding the breach itself, one account states the leak was first publicized on a Chinese blog and that some data was briefly posted to GitHub before removal. Another account states that Knownsec attributed the incident to a network intrusion discovered in August 2023 involving exploitation of three zero-day vulnerabilities against its cloud office system, and that it reported the matter to Chinese authorities in early November 2025; in that account the company claimed only partial employee/customer lists and some dark web monitoring data were compromised, and that no sensitive customer/user credentials were exposed. Other reporting notes uncertainty about whether the leak was insider-driven or a hack-and-dump operation, and that most analysts have not seen the full dataset.


OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

  • Utilities
  • Telecommunication Services
  • Banks
  • Energy

Where they're from

Attributed origin per open-source reporting.

  • CN

ACTIVITY FEED

Recent activity

7 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

risky biz rss (News)
Jan 11, 2026
Risky Bulletin: Apex Legends streamers hacked again

Vertically integrated espionage operations for both domestic surveillance and foreign intelligence, acting as a central enabler of China's cyber strategy.

ctoatncsc substack (News)
Jan 10, 2026
CTO at NCSC Summary: week ending January 11th

China-based offensive security contractor ecosystem referenced via an alleged leak; described capabilities include browser exploitation, routing manipulation, credential theft, email account takeover/exfiltration, PCAP ingestion for network reconstruction, and support for long-term access and infrastructure control.

sherpa intelligence (News)
Jan 2, 2026
Five for Friday: January 2, 2026

Knownsec, a state-linked Chinese cybersecurity firm, was exposed in a major leak revealing its involvement in espionage operations, use of espionage tools, and targeting of global entities.

resecurity blog (News)
Dec 31, 2025
Knownsec Data Breach: A Trove of Espionage Tradecraft with an Insider Narrative

Knownsec is a Chinese cybersecurity company with deep government and military ties, engaged in both commercial security products and offensive cyber operations. The 2025 leak revealed their development and deployment of espionage tools, global targeting of government, military, and critical infrastructure, and aggregation of large-scale stolen data. Their operations support national-level intelligence collection, cyber-operations, and network infrastructure mapping for China.
