Blastoize

Blastoize is a threat actor name associated in the provided content with posting a free partial download of corporate documents from Knownsec on the open web on 2026-03-18 00:56:35 UTC. The material is described as a redistribution of the original Knownsec leak first exposed in November 2025, rather than a new breach. Based on the content, Blastoize is linked to publication and redistribution of leaked data, not to the original compromise. The redistributed material reportedly related to a major Chinese cybersecurity firm, Knownsec, described as having ties to the Chinese government and military. The underlying leaked documents reportedly included source code and documentation for offensive cyber tools, including RATs for Linux, Windows, macOS, iOS, and Android; Android malware for extracting message histories from Chinese chat applications and Telegram; specifications for a malicious power bank used for covert data exfiltration; spreadsheets listing more than 80 overseas targets across over 20 countries; records of alleged exfiltration of foreign datasets; and documentation of collaboration between Knownsec and Chinese government entities including the Chinese Police No.3 Research Department. The content also states that the leaked material referenced use of ZoomEye to enumerate target infrastructure and a Critical Infrastructure Target Database prioritizing Taiwan, the United States, Japan, India, and Korea. No additional aliases, sub-groups, or attribution details for Blastoize are provided in the content.