SentinelLABS has analyzed a significant data leak revealing the infrastructure and operational practices of TopSec (北京天融), a Chinese cybersecurity firm with deep ties to state surveillance efforts. The leak exposes how TopSec works with both public and private entities in China to monitor and control online content, shedding light on the mechanisms behind the country’s digital censorship apparatus.
TopSec is a well-established cybersecurity firm offering services such as Endpoint Detection & Response (EDR), vulnerability scanning, and cloud security monitoring. However, the leaked data highlights a darker side of its operations: customized monitoring solutions designed to align with government intelligence objectives and censorship policies.
According to the report, “We identified work logs and system features that indicate TopSec is likely enabling content moderation for internet censorship purposes, a key strategy used by the Chinese Communist Party (CCP) to monitor and control public opinion on issues that the state deems contentious or antisocial.”
The data leak consists of over 7,000 lines of work logs and code used to orchestrate TopSec’s DevOps infrastructure. Notably, several scripts were found connecting to Chinese government domains, academic institutions, and media websites, suggesting a sophisticated network of surveillance and content control.
SentinelLABS notes that the leaked file contains numerous work logs, describing the work performed by a TopSec employee, including scripts, commands, and system configurations related to censorship enforcement.
One of the most alarming revelations involves bespoke services TopSec provided to a state-owned enterprise immediately after a corruption investigation into its leadership was made public. The logs suggest that as the scandal unfolded, TopSec rapidly deployed targeted content moderation solutions to manage the narrative surrounding the case.
According to SentinelLABS, “Further, we found evidence indicating that TopSec provided bespoke services to a state-owned enterprise on the date that a corruption investigation was announced targeting the organization’s top official.” This underscores the extent to which Chinese cybersecurity firms coordinate with state authorities to control information flow and mitigate reputational risks for government-linked entities.
The leak also reveals details about TopSec’s proprietary monitoring technologies, referred to in work logs as Sparta and Apollo. These systems enable analysis of web content for sensitive keywords, automatically flagging and suppressing politically sensitive discussions.
“On a technical level, Sparta is a framework that uses GraphQL APIs to receive content from downstream web applications. Work logs indicate that TopSec migrated from a system called Apollo, which is plausibly a reference to Apollo-GraphQL, an open-source framework offered by a company based in San Francisco.” This discovery suggests that Chinese firms may be modifying foreign technologies to enhance their domestic censorship efforts.
One particularly concerning aspect of the leak is the integration of censorship alerts with WeChat, China’s dominant messaging platform. Work logs indicate that “severe monitoring events are sent to corporate WeChat,” ensuring that flagged content reaches authorities for immediate action.
Since WeChat operates under Chinese regulations, this raises significant concerns about user privacy. As SentinelLABS points out, “Under Chinese laws, companies like Tencent, which owns WeChat, are required to cooperate with government entities, allowing them to access data when requested.”
Related Posts:
- Australia’s Defence Department ban WeChat app due to worry about Chinese espionage activities
- ScarCruft Strikes: North Korea’s Cyber Espionage Against Media and Experts Unveiled
- Fake Identities, Real Profits: Exposing North Korea’s IT Front Companies
- Unmasking Sandman APT: SentinelLabs Decodes China’s Cyber Shadow
- Warning: Russia Deploys New ‘AcidPour’ Wiper Malware in Ukraine
