A Chinese security firm, TopSec, has revealed that it probably provides censorship-as-a-service to potential customers, including a state-owned business in the nation, according to an analysis of a information hole.
TopSec, which was founded in 1995, claims to provide services like vulnerability scanning and endpoint detection and response ( EDR). According to SentinelOne experts Alex Delamotte and Aleksandar Milenkoski, it’s also providing “boutique” answers in a statement shared with The Hacker News in order to comply with government initiatives and intelligence needs.
The data leak contains information about equipment and work files from people as well as recommendations to web content tracking services used to impose censorship on clients in the public and private sectors.
According to the company, a state-owned company that was hit by a corruption scandal received bespoke monitoring services, which suggests that for platforms are being used to check and influence public opinion as needed.
A commitment for a” Cloud Monitoring Service Project” that the Shanghai Public Security Bureau announced in September 2024 is present in the data leak.
The initiative, the report reveals, involves continuous monitoring of sites within the Bureau’s authority with the goal of identifying protection problems and content changes, and providing event alerts.
Specifically, the system has been designed to look for the presence of hidden links in web content, along with those containing sensitive terms related to political criticism, violence, or sex.
While the specific goals are vague, it’s suspected that for alerts could be used by customers to take follow-on actions, such as issuing warnings, deleting content, or restricting access when sensitive words are detected. That said, Shanghai Anheng Smart City Security Technology Co. Ltd. won the contract, per public documents analyzed by SentinelOne.
The cybersecurity firm claimed the leak was found after it had analyzed a text file that was to the VirusTotal platform on January 24, 2025. The details of the data leak remain a mystery.
The researchers noted that the main file we examined contains numerous work logs, which are a description of the tasks performed by TopSec employees and how long the tasks took, frequently accompanied by scripts, commands, or other relevant information.
” In addition to work logs, the leak contains many commands and playbooks used to administrate TopSec’s services via multiple common DevOps and infrastructure technologies that are used worldwide, including Ansible, Docker, ElasticSearch, Gitlab, Kafka, Kibana, Kubernetes, and Redis”.
Once more indicative of censorship keyword monitoring, references to another framework called Sparta ( or Sparda ) that is supposedly designed to handle sensitive word processing by receiving content from downstream web applications via GraphQL APIs are also found.
According to the researchers,” These leaks provide insight into the complex ecosystem of relationships between government organizations and China’s private sector cybersecurity companies.”
The ties between government requirements and private sector cybersecurity firms in China are much deeper and reflect the state’s ability to control public opinion through online enforcement, according to the report.