Date: 2025-11-13

One of China’s most important cybersecurity firms has been breached, revealing information about India stored on its servers. The hack revealed that KnownSec had data on the immigration records of India. The incident, which came to light earlier this month, exposed files that reportedly included details of state-aligned hacking operations across more than 20 countries. As per cyber security experts, the data is a rare glimpse into China's offensive cyber capabilities and the role of private firms in state-directed operations.

KnownSec breach: What was leaked?

The breach reportedly involved the leak of over 12,000 internal documents from KnownSec’s secure servers. It contained blueprints and source code for advanced malware, remote access tools and device-based attack kits, according to cybersecurity analysts. It allegedly included programmes that can access chat histories from WeChat, QQ and Telegram. There were also hardware implants disguised as USB chargers, such as malicious power banks. The files, released on the web, contained lists of targets spanning Asia, Europe and Africa, with India, Japan, Vietnam, Indonesia and the UK featuring prominently.

The files were briefly shared on GitHub before being taken down, but copies have since circulated among security researchers and dark web forums.

KnownSec’s operations possibly targeted India

Data on India was among the largest exposed in the breach. It allegedly contained archives of Indian immigration data and digital infrastructure maps. One spreadsheet allegedly contained records of 95 gigabytes of Indian immigration data, possibly stolen in 2024. Security analysts who examined the breach found that China had a long-term interest in Indian government networks and border systems.

What is KnownSec?

Founded in 2007, KnownSec is a private cybersecurity firm known to have collaborated with Chinese government agencies on digital defence projects. Deeply embedded in national cyber initiatives, KnownSec’s well-known products include the ZoomEye internet scanning engine, used for network reconnaissance. In January this year, the US Department of Defence blacklisted dozens of Chinese companies operating in the US that it claimed are part of the People’s Republic of China’s military apparatus. KnownSec, formally known as Beijing Zhidao Chuangyu Information Technology Co., Ltd, was one of them.

KnownSec data leak is a “wake-up call”

Interestingly, the data breach did not come with any ransom demand, which suggests the motive was not financial. Instead, it may have been an insider job or the work of an ideological actor. China has not officially acknowledged the breach, calling reports “groundless”, and KnownSec has issued no public statement. Leaked internal memos circulating online hinted at internal containment efforts by the company. Cybersecurity analysts warned that the exposure could have lasting effects, as the files could be repurposed by criminal or state groups. For India, the leaks show the need for stronger cyber defence.