Worrying: China might have stolen India's immigration data
The incident was discovered earlier this month

Nov 13, 2025
02:33 pm

What's the story

A data breach at Chinese cybersecurity firm KnownSec has exposed sensitive information about India, including its immigration records. The incident, which was discovered earlier this month, revealed files containing records of state-sponsored hacking operations in over 20 countries. Cybersecurity experts say the leak provides a rare insight into China's cyber warfare capabilities and the involvement of private companies in state-sponsored activities.

Data leak

Malware, attack kits, and remote access tools leaked

The breach exposed more than 12,000 internal documents from KnownSec's secure servers. These included blueprints and source code for sophisticated malware, remote access tools, and device-based attack kits. Among the leaked files were programs that could extract chat histories from WeChat, QQ, and Telegram. There were also hardware implants masquerading as USB chargers, such as malicious power banks.

Sensitive information

Target lists included India, Japan, Vietnam, Indonesia, UK

The leaked files included target lists across Asia, Europe, and Africa, with India, Japan, Vietnam, Indonesia, and the UK being prominent. The data on India was one of the biggest exposures in the breach. It allegedly contained archives of Indian immigration records as well as digital infrastructure maps. One spreadsheet reportedly had 95GB of Indian immigration data.

Company involvement

KnownSec's links to Chinese government

Founded in 2007, KnownSec is a private cybersecurity firm that has worked with Chinese government agencies on digital defense projects. It is deeply embedded in national cyber initiatives and is known for products such as the ZoomEye internet scanning engine, which is used for network reconnaissance. In January this year, the US Department of Defense blacklisted several Chinese companies operating in the US, including KnownSec, as part of the People's Republic of China's military apparatus.

Investigation ongoing

No ransom demand, breach not acknowledged by China

Interestingly, the data breach did not come with a ransom demand, indicating that the motive was not financial. It could have been an insider job or carried out by an ideological actor. China has not officially acknowledged the breach and KnownSec has made no public statement regarding it. Leaked internal memos suggest that KnownSec is trying to contain the situation internally.