
An analysis of data leaks from Chinese cybersecurity firm Topsec reveals that it is likely to provide censorship solutions to future customers, including domestically owned companies.
Founded in 1995, Topsec ostensibly offers services such as endpoint detection and response (EDR) and vulnerability scanning. But it also provides “boutique” solutions tailored to government initiatives and intelligence requirements, SentinelOne researchers Alex Delamotte and Aleksandar Milenkoski said in a report shared with Hacker News.
The data leak includes infrastructure details and work logs from employees, as well as references to web content monitoring services used to enforce censorship for public and private sector customers.
The company is believed to provide custom surveillance services to state-owned companies struck by a corruption scandal, which indicates that such platforms are used to monitor and control public opinion as needed.

Among the leaked data is a contract for the “Cloud Surveillance Service Project” announced by the Shanghai Public Safety Bureau in September 2024.
The contract states that the project will include ongoing monitoring of websites within the department’s jurisdiction, with the aim of identifying security issues and content changes and providing incident alerts.
Specifically, the platform is designed to look for the presence of hidden links in web content, along with content containing sensitive language related to political criticism, violence, or pornography.
The exact goal is unknown, but it is suspected that such alerts can be used to take follow-up actions, such as issuing warnings, deleting content, or restricting access when sensitive words are detected. That said, Shanghai Anheng Smart City Security Technology Co. Ltd. won the contract, according to public documents analyzed by SentinelOne.
The cybersecurity company said the leak was detected after analyzing a text file uploaded to the VirusTotal platform on January 24, 2025. How the data was leaked remains unknown.
“The main file analyzed contains a large number of work logs, which are descriptions of the work performed by Topsec employees, often accompanied by scripts, commands, or data related to the task,” the researchers pointed out.

“In addition to work logs, the leak contains many commands and playbooks used to manage Topsec’s services through multiple popular DevOps and infrastructure technologies used worldwide, including Ansible, Docker, Elasticsearch, GitLab, Kafka, Kibana, Kubernetes, and Redis.”
There is also a reference to another framework named Sparta (or Sparda). It appears to be designed to handle sensitive word processing by receiving content from downstream web applications via the GraphQL API.
“These leaks provide insight into the complex ecosystem of relationships between government agencies and private sector cybersecurity companies in China,” the researchers said.
“Many countries have significant overlap between government requirements and private sector cybersecurity companies, but the relationship between these entities in China is much deeper and represents the state’s understanding regarding the management of public opinion through online enforcement.”