Overview of Chinese Cybersecurity Company Knownsec
2026.04.15

✅ Report Title: Overview of Chinese Cybersecurity Company Knownsec



✅ Executive Summary:


📌 What Is Knownsec?


- Beijing Knownsec Information Technology Co., Ltd. (北京知道创宇信息技术股份有限公司, hereinafter referred to as Knownsec) is a Chinese cybersecurity company founded in 2007 and headquartered in Beijing that operates three major technology centers in Beijing, Chengdu, and Wuhan.

  - Knownsec hosts KCon (Knownsec Security Conference), a large-scale security conference involving global security experts and researchers. The conference is regarded as one of the representative security events in China where vulnerability research, attack technique analysis, and security technology presentations take place.

  - Knownsec provides services across a broad range of security domains including monitoring, attack detection and response, security infrastructure protection, asset management, and access control, with representative solutions including ZoomEye, which performs a reconnaissance role, and GhostX, which performs an offensive role.



📌 Threat Analysis Related to Knownsec


- 2025-10-31: @t1g3r, Initial Leakage of Partial Data

  - A user named @t1g3r active on Darkforums uploaded a post selling internal materials of the Chinese security company Knownsec, sharing approximately 60 screenshots as samples.

  - Within the samples, the following were partially identified: target country and domain lists, key documents related to government agencies presumed to be clients, information on database construction and operation targeting multiple countries, evidence of network scanning activities, and portions of major product introduction and presentation materials.

  - The samples are assessed to contain a significant amount of highly sensitive information, including target information at the national and institutional level as well as infrastructure and operational details.


- 2026-03-17: @Blastoize, Initial Leakage of Partial Data

  - A user named @Blastoize active on Darkforums leaked a portion of internal documents from the Chinese security company Knownsec, and a number of documents not present in the samples shared by @t1g3r on October 31, 2025 were identified.

  - The sample image link shared through the post is identical to the sample link first published on October 31, 2025.

  - The samples published on October 31, 2025 contained screenshots of target country and domain lists and key documents related to government agencies presumed to be clients. The original documents corresponding to those screenshots were not identified in the additionally leaked materials, which are assessed to be primarily composed of academic materials, product descriptions, technical documents, and student presentation materials.


- 2026-03-19: @Blastoize, Sale of Full Dataset

  - On March 17, 2026, user @Blastoize, who had previously leaked a portion of the data, uploaded a post announcing the sale of the entire dataset consisting of 12,000 files.

  - The sample image link shared through the post is also identical to the sample link first published on October 31, 2025, and the previous post, in which a portion of the data was leaked, was attached as well.



📌 Key Services and Products of Knownsec


1. ZoomEye


- Within the samples published on October 31, 2025, introductory materials on ZoomEye, Knownsec's cyberspace search radar solution that explores and analyzes all internet-exposed assets, were partially identified.

- ZoomEye is a cyberspace search engine developed by Knownsec and is a platform that scans the internet on a large scale to collect and analyze asset information of externally exposed servers, network equipment and IoT devices.



2. GhostX


- Within the samples published on October 31, 2025, introductory materials on GhostX, an integrated cyber offensive solution developed by Knownsec that performs takeover, surveillance, and data exfiltration following infiltration of target systems, were partially identified.

- According to the materials, GhostX is an integrated cyber operations platform developed by Knownsec that performs various functions through remote control of infected systems, including file exploration, process management, screen monitoring, keylogging, and account credential theft.



📌 Offensive Research Team and Threat Intelligence Center


- Knownsec is confirmed to operate the offensive solution GhostX while also possessing an offensive research organization called ‘404 Team’ that conducts attack technique analysis.



✅ Recommended Threat Detection and Mitigation Actions:


- When collaborating with security solutions and companies, it is necessary to thoroughly review security risks and exercise careful judgment regarding adoption and integration.


- It is recommended to implement the following controls: inspection of externally exposed assets and blocking of unnecessary ports, MFA enforcement across all accounts, internal network access control, DNS-based detection of anomalous behavior, and EDR-based monitoring of persistence and data exfiltration activities.



🧑‍💻 Report Author: S2W TALON


👉 Contact us: https://s2w.inc/en/contact


*The full report is available upon request and for QUAXAR subscribers.

