An evaluation of an information leak from a Chinese language cybersecurity firm TopSec has revealed that it possible presents censorship-as-a-service options to potential prospects, together with a state-owned enterprise within the nation.
Based in 1995, TopSec ostensibly presents companies reminiscent of Endpoint Detection and Response (EDR) and vulnerability scanning. However it’s additionally offering “boutique” options as a way to align with authorities initiatives and intelligence necessities, SentinelOne researchers Alex Delamotte and Aleksandar Milenkoski said in a report shared with The Hacker Information.
The information leak incorporates infrastructure particulars and work logs from staff, in addition to references to net content material monitoring companies used to implement censorship for private and non-private sector prospects.
It is believed that the corporate supplied bespoke monitoring companies to a state-owned enterprise hit by a corruption scandal, indicating that such platforms are getting used to watch and management public opinion as vital.
Current among the many knowledge leak is a contract for a “Cloud Monitoring Service Undertaking” introduced by the Shanghai Public Safety Bureau in September 2024.
The challenge, the doc reveals, entails steady monitoring of internet sites throughout the Bureau’s jurisdiction with the objective of figuring out safety points and content material adjustments, and offering incident alerts.
Particularly, the platform has been designed to search for the presence of hidden hyperlinks in net content material, together with these containing sensitive words associated to political criticism, violence, or pornography.
Whereas the precise objectives are unclear, it is suspected that such alerts could possibly be utilized by prospects to take follow-on actions, reminiscent of issuing warnings, deleting content material, or proscribing entry when delicate phrases are detected. That stated, Shanghai Anheng Good Metropolis Safety Know-how Co. Ltd. gained the contract, per public paperwork analyzed by SentinelOne.
The cybersecurity agency stated the leak was detected after it analyzed a textual content file that was uploaded to the VirusTotal platform on January 24, 2025. The style through which the information was leaked stays unclear.
“The primary file we analyzed incorporates quite a few work logs, that are an outline of the work carried out by a TopSec worker and the period of time the duty took, typically accompanied by scripts, instructions, or knowledge associated to the duty,” the researchers famous.
“Along with work logs, the leak incorporates many instructions and playbooks used to administrate TopSec’s companies by way of a number of widespread DevOps and infrastructure applied sciences which are used worldwide, together with Ansible, Docker, ElasticSearch, Gitlab, Kafka, Kibana, Kubernetes, and Redis.”
Additionally discovered are references to a different framework named Sparta (or Sparda) that is supposedly designed to deal with delicate phrase processing by receiving content material from downstream net purposes by way of GraphQL APIs, as soon as once more suggestive of censorship key phrase monitoring.
“These leaks yield perception into the complicated ecosystem of relationships between authorities entities and China’s non-public sector cybersecurity corporations,” the researchers stated.
“Whereas many nations have vital overlap between authorities necessities and personal sector cybersecurity corporations, the ties between these entities in China are a lot deeper and signify the state’s grasp on managing public opinion by on-line enforcement.”
Source link