SentinelLABS has analyzed a substantial data leak from TopSec, a Chinese cybersecurity firm, that exposes operational details of the company and of monitoring solutions it builds to enforce government censorship. The leaked material shows how state entities and contracted security firms work together to manage political narratives online, in particular during corruption investigations of senior officials.
Affected: TopSec, Chinese Communist Party (CCP), Chinese cybersecurity sector
Keypoints :
- SentinelLABS analyzed a data leak from TopSec, exposing work logs and infrastructure operations.
- The leaked data shows TopSec’s role in enforcing internet censorship for state-owned clients.
- References to specific government organizations and state-owned enterprises reveal the extent of TopSec’s involvement in governmental operations.
- TopSec offered bespoke cybersecurity services during a corruption scandal involving a high-ranking official.
- The leaked infrastructure material shows the firm building and deploying its services with Docker, Kubernetes, and GraphQL.
- Key findings indicate ongoing strategies by the Chinese government to monitor and suppress political dissent online.
MITRE Techniques :
- T1071.001 – Application Layer Protocol: Web Protocols: TopSec's monitoring services exchange data with government clients over common web protocols (HTTP-based APIs such as GraphQL).
- T1078 – Valid Accounts: The leaked documents contain hardcoded credentials; anyone holding the leak could reuse them as legitimate accounts against the infrastructure they reference.
- T1213 – Data from Information Repositories: The leaked infrastructure logs and work logs hold sensitive operational detail and monitoring code that an adversary could mine for further access.
- T1095 – Non-Application Layer Protocol: This technique covers traffic carried over protocols below the application layer, such as ICMP or raw sockets. The Docker and Kubernetes artifacts in the leak describe how services are deployed rather than which protocols they speak, so this mapping is weak unless the logs show such traffic.
Indicator of Compromise :
- [SHA-1] 1bccef07ad0348e326248fe321259e2bd8f8cf8b
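The two practitioner checks this summary implies, scanning work logs and deployment files for the kind of hardcoded credentials the leak contained, and comparing file hashes against the published SHA-1 indicator, are shown below as an added example. This is not code from the SentinelLABS report or from TopSec; the credential patterns are heuristic assumptions, and the sample log lines are constructed for the example, not taken from the leak.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# SHA-1 indicator published with the summary above.
IOC_SHA1 = {"1bccef07ad0348e326248fe321259e2bd8f8cf8b"}

# Heuristic patterns (assumptions for this example, not from the report).
# Each pattern's last capture group is the secret itself so it can be redacted.
CREDENTIAL_PATTERNS = {
    "password_assignment": re.compile(
        r"(?i)(pass(?:word|wd)?|pwd)\s*[:=]\s*['\"]?([^\s'\"]{6,})"),
    "url_embedded_creds": re.compile(
        r"(?i)\b[a-z][a-z0-9+.-]*://([^\s:/@]+):([^\s/@]+)@"),
    "token_assignment": re.compile(
        r"(?i)\b(api[_-]?key|token|secret)\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{16,})"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Constructed sample of a deployment work log; not content from the leak.
SAMPLE_LOG = """\
2023-03-02 09:14:11 deploy: kubectl apply -f monitor-deployment.yaml
2023-03-02 09:14:12 env: DB_PASSWORD=Wr0ngPlace!2023
2023-03-02 09:15:40 git clone https://svc_monitor:Tr0ub4dor@git.internal.example/monitor.git
2023-03-02 09:16:02 graphql endpoint https://api.internal.example/graphql token=k9QpD2vX7mB4nR1tL8cZ
2023-03-02 09:17:55 docker run --rm monitor:latest
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    excerpt: str  # redacted form of the matched secret


def redact(secret: str) -> str:
    """Keep only the first and last two characters so a report never re-leaks the secret."""
    if len(secret) <= 4:
        return "*" * len(secret)
    return secret[:2] + "*" * (len(secret) - 4) + secret[-2:]


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per (line, pattern) hit, in line order."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in CREDENTIAL_PATTERNS.items():
            match = pattern.search(line)
            if match is None:
                continue
            # Patterns with groups put the secret in the last group; the
            # private-key marker has no group, so report the marker itself.
            secret = match.group(match.lastindex) if match.lastindex else match.group(0)
            findings.append(Finding(line_no, kind, redact(secret)))
    return findings


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def matches_ioc(data: bytes) -> bool:
    """True if the content's SHA-1 equals a published indicator."""
    return sha1_hex(data) in IOC_SHA1


if __name__ == "__main__":
    for f in scan_text(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind}: {f.excerpt}")
    print("matches published IoC:", matches_ioc(SAMPLE_LOG.encode()))
```

The regexes are deliberately loose (for example, `pass` followed by `=` also fires on `bypass=...`), which is the right trade-off when triaging a leaked archive: review false positives by hand rather than miss a reusable credential. Hash matching is exact, so it only confirms a file is the specific artifact reported, not a variant of it.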