Happy Friday, folks! New research from us:
THE KNOWNSEC LEAK: Yet Another Leak of China鈥檚 Contractor-Driven Cyber-Espionage Ecosystem
DTI researchers have been ripping apart 60+ sample screenshots from the Knownsec dump since November.
What emerged were deep technical details about Knownsec's platform and capabilities.
Knownsec tends to portray itself as a vanilla bug bounty/defense/pentest outfit.
But internal documents show they're a deeply sophisticated surveillance and offensive operations firm.
Their global crawler ZoomEye aggregates along with a target database and a vast datalake to enable targeting, compromise, and deeper surveillance of people, places, and institutions.
Their PassiveRadar product allows them to feed multiple sources including PCAPs into a network environment enumerator, which raises the stakes on things like packet interception.
It's a completely passive way to build up a picture of the network environment in order to figure out how to best compromise it.
As stated in our analysis, Resecurity's recent writeup definitely fleshed out targeting data much more, so it's very worth reading: https://www.resecurity.com/blog/article/knownsec-data-breach-a-trove-of-espionage-tradecraft-with-an-insider-narrative
That said, I really like how deeply we went on the technicals, and how much we were able to pull just from 65 screenshots.
