Wednesday, November 12, 2025

China’s Digital Spy Empire Exposed: The Knownsec Leak and India’s 95GB Breach

On November 2, 2025, the global cybersecurity community witnessed one of the most significant digital breaches in history. Knownsec, a Chinese cybersecurity firm with deep state ties, suffered a catastrophic data leak that exposed more than 12,000 classified documents.

Those documents didn’t just contain technical blueprints of China’s cyber tools – they revealed a state-sponsored digital espionage operation targeting dozens of countries. And among the biggest victims was India, with a shocking 95GB of immigration data stolen by Knownsec-affiliated hackers.

This wasn’t a random cyberattack. This was strategic data theft, a silent infiltration of India’s national systems designed to serve China’s intelligence and geopolitical ambitions.

Knownsec has long operated under the guise of a ‘private cybersecurity company’. In reality, it functioned as an unofficial extension of China’s state security apparatus. It developed malware, surveillance tools, and offensive cyber capabilities used by Beijing to penetrate foreign governments, corporations, and critical infrastructure.

But on November 2, the hunter became the hunted. A still-unidentified entity breached Knownsec’s internal servers, dumping thousands of documents online. Before GitHub removed the files, cybersecurity researchers managed to mirror and analyse the trove. What they found was a digital map of China’s global espionage network – and India was squarely in the center.

Buried in the leaked documents was a spreadsheet detailing 80 foreign targets compromised by Knownsec operators. Next to each target, data exfiltration metrics were recorded – precise volumes, timestamps, and access points.

For India, the figure was unmistakable: 95 gigabytes of immigration data stolen.

That’s not just numbers. It means visa information, passport details, entry-exit logs, biometric records, and potentially security clearances of individuals – a goldmine for intelligence manipulation.

In simple terms, China didn’t just steal data; it stole a digital mirror of India’s border control system.

This data gives Chinese intelligence agencies the ability to map movement patterns of key diplomats, business executives, and defense personnel. It also enables them to track cross-border movement trends – crucial for geopolitical strategy, economic espionage, and even influence operations.

The breach paints a chilling picture: while India debates border disputes on the Himalayan front, China has been mapping India’s human borders digitally – one database at a time.

The Knownsec leak reveals the tools behind this infiltration. Among the documents are descriptions of multi-platform malware frameworks capable of compromising Linux, Windows, and Android systems.

The Android component is particularly concerning. It could extract complete chat histories from Indian mobile users, including popular communication apps such as Telegram and Signal – platforms widely used by journalists, activists, and even bureaucrats.

This surveillance wasn’t blind. It was targeted and strategic.

One internal Knownsec report mentioned “South Asia – Priority Class A,” a designation that analysts believe refers to India-focused intelligence missions. The technical notes outline operations involving:

  • Persistent infiltration of immigration networks through phishing of government employee credentials.
  • Trojanised software updates injected into commonly used database management systems.
  • Hardware compromise through supply-chain tampering – especially via imported power banks and storage devices capable of silent data extraction.

That last point hits close to home. The leaked plans describe a malicious power bank, designed to copy sensitive data from connected systems – a perfect tool for espionage in environments with tight software security.

China’s cyber strategy follows a clear doctrine: collect, control, and capitalise.

India represents all three opportunities.

  1. Collect: India’s digital transformation has created vast databases – immigration, Aadhaar, telecom, and defense logistics – all interconnected and accessible through networks that, while improving, remain vulnerable.
  2. Control: With knowledge of immigration flows, China can anticipate Indian diplomatic and defense movements. Information about foreign nationals entering India could even aid counter-intelligence operations abroad.
  3. Capitalise: Data-driven insights can be leveraged to manipulate trade, influence policy decisions, and even shape narratives through digital propaganda.

For China, India is not merely a neighbour – it’s a strategic competitor in Asia’s digital race. Cyber dominance is Beijing’s new battlefield, and data is its most potent weapon.

The Knownsec revelation exposes the soft underbelly of India’s cyber infrastructure. Despite repeated warnings by domestic agencies, India’s digital systems remain fragmented – multiple government departments run independent networks with varying levels of protection.

The 95GB breach is likely just a fraction of the total compromise. Experts believe that telecom, defense procurement, and energy sectors may have also been probed, given China’s historical interest in these domains.

India’s cyber defense ecosystem, led by agencies like CERT-In and the National Critical Information Infrastructure Protection Centre (NCIIPC), is capable – but under-resourced compared to the scale of Chinese cyber operations.

The Knownsec breach must serve as a moment of reckoning for India’s policymakers:

Cybersecurity isn’t just an IT issue anymore. It’s national security.

The Knownsec leak is also a diplomatic embarrassment for Beijing. It exposes what the world has long suspected: that China’s cybersecurity firms often act as fronts for state espionage.

India’s inclusion in the target list isn’t surprising, but the precision of the data exfiltration is alarming. It reveals China’s obsession with surveillance and data dominance – a mirror of its internal governance model projected onto the world.

New Delhi will have to decide how to respond:

  • Will it confront Beijing directly, risking escalation in already tense bilateral relations?
  • Or will it quietly harden its cyber defences and use this moment to redefine digital sovereignty?

Either way, the Knownsec breach has handed India something invaluable – clarity.

Clarity that cyber warfare isn’t theoretical. It’s here, it’s ongoing, and it’s as dangerous as any physical border conflict.

India’s cyber future depends on how seriously it learns from this breach.

We cannot afford complacency. We cannot hide behind bureaucratic reports or vague press statements. Every byte of data stolen represents a citizen’s trust broken. Every unpatched server, every unsecured database, becomes an invitation for espionage.

The Knownsec incident should push India toward a cybersecurity doctrine that matches its geopolitical ambitions – integrated, proactive, and unyielding.

That means:

  • Establishing a unified national cyber command with real-time coordination.
  • Investing in domestic encryption technologies and indigenous hardware solutions.
  • Creating accountability frameworks for both public and private digital custodians.

China’s cyber empire thrives on secrecy. India must counter it with transparency, resilience, and technological sovereignty.

The Knownsec leak is poetic justice.

A nation that built an empire of surveillance now finds itself under global scrutiny. The dragon that spied on others has been caught staring into the mirror.

For India, this is not just about the 95GB of stolen data. It’s about realising the cost of digital negligence.

We cannot fight twenty-first-century wars with twentieth-century firewalls.

As I’ve said before – “Truth doesn’t fear exposure. Only those who hide behind firewalls do.”

And this time, China’s firewall cracked first.
