The KnownSec leak shows private enterprises operate as instruments of state policy, supporting surveillance, data aggregation, and potential offensive operations
The landscape of information control in China has long attracted global scrutiny. Yet the recent disclosure of the Chinese cybersecurity firm KnownSec provides a fresh empirical window into the state-corporate nexus underpinning Beijing’s cyber-governance model. Although the leak is believed to originate from an earlier 2023 breach, the recovered documentation reveals a corporate infrastructure closely tied to the Chinese state’s security and intelligence apparatus. It includes references to surveillance platforms such as ZoomEye, a global vulnerability-scanning tool, and to the mapping of critical infrastructure in several countries, including India. The revelations reaffirm that China’s cyber sector does not merely operate within the commercial sphere but functions as an extension of state power and an enabler of both domestic control and foreign information operations.
This incident is more than a data-security episode, illustrating the structure of China’s Great Firewall strategy, a dual system of containment and projection. Domestically, it censors and curates the information environment; internationally, it facilitates narrative warfare to reshape global discourse. Combined, these mechanisms form the backbone of a sophisticated disinformation ecosystem that challenges transparency and pluralism in democratic societies worldwide.
Chinese technology firms rarely act autonomously; their legal and political environment mandates cooperation with state security services. The KnownSec case exemplifies this dependency. The company’s collaboration with the Ministry of Public Security and the People’s Liberation Army (PLA) blurs the distinction between defensive cyber operations and offensive intelligence gathering. Moreover, the data-collection tools cited in the leak, aggregating social media information, passwords, and corporate metadata, mirror the tactics used in global influence and disinformation campaigns.
In this sense, the KnownSec revelations align with Australian Strategic Policy Institute findings on state-backed influence networks. Together, they reveal a clear state–corporate nexus, where Chinese technology firms’ commercial tools and data infrastructures are routinely leveraged for political ends, enabling coordinated digital operations that merge technical capacity, psychological messaging, and narrative control.
The Great Firewall of China (GFW) symbolises the institutionalisation of censorship and surveillance. The GFW integrates legal, technical, and ideological components to enforce information discipline. It filters external content, blocks foreign social media platforms, and systematically deletes politically sensitive material. This is not a passive barrier but an adaptive, machine-learning-enhanced system capable of real-time intervention.
Internally, such control constructs an “authoritarian resilience in cyberspace”. State actors and their corporate partners create a pseudo-pluralistic environment, allowing limited debate on apolitical issues while extinguishing dissent. Within this ecology, firms such as KnownSec provide the infrastructure for data collection and behavioural monitoring. Corporate materials and leaked technical descriptions indicate that products marketed as cyber-defence tools, such as ZoomEye and WeChat, in practice serve dual functions, operating not only for network protection but also for large-scale reconnaissance and potential system exploitation.
The centralisation of these capacities under the Cyberspace Administration of China (CAC) reflects a philosophy of “cyber sovereignty”. The Chinese Communist Party (CCP) asserts that each state has the right to control information within its borders, effectively redefining internet governance as an extension of national security. It thus enables the state to mobilise private industry as an arm of ideological enforcement.
China’s internal information management system operates not merely as censorship but as narrative construction. According to King, Pan, and Roberts (2017), government-directed commentators, popularly known as the “50-cent army”, produce hundreds of millions of posts annually. These are designed not to argue with critics but to distract public attention through entertainment, nationalism, or moral outrage.
Such tactics constitute a form of strategic distraction. By saturating online spaces with apolitical or patriotic content, the regime marginalises dissenting voices without overt confrontation. The resulting information landscape supports persuasive authoritarianism, a governance model that seeks voluntary compliance through emotive storytelling rather than coercion alone.
The surveillance and data-analysis platforms described in the KnownSec leak are integral to this upgraded propaganda. They allow the state to monitor sentiment, identify potential opinion leaders, and adjust messaging accordingly. Digital technologies thus render propaganda not only pervasive but personalised.
The proliferation of Chinese disinformation presents unique challenges for democracies. Open societies rely on transparency and freedom of expression, the same values that make them vulnerable to manipulation. Chinese operations exploit this vulnerability by blending authentic grievances with manufactured narratives, thereby diluting the credibility of democratic discourse.
Moreover, democratic responses to disinformation often falter due to fragmented governance structures and media ecosystems. While the European Union has introduced counter-propaganda measures such as the East StratCom Task Force and the European External Action Service (EEAS), these remain reactive and episodic. The structural asymmetry persists because China operates a unified, state-driven information system, whereas democracies must balance intervention with civil liberties.
The KnownSec episode underscores the scale of this asymmetry. When a private cybersecurity firm effectively serves as a branch of state intelligence, the boundary between public and private, legal and covert, blurs. This integration grants China a strategic advantage in the information domain, a capacity for synchronised narrative warfare that democracies find difficult to match without compromising their principles.
Beyond its borders, Beijing deploys the same informational instruments for geopolitical influence. State media outlets like CGTN, Xinhua, and China Daily are used to serve as global channels for controlled narratives, presenting China as a responsible and benevolent power.
In parallel with these official channels, covert influence operations exploit social media algorithms to disseminate disinformation. A Graphika report (2020) identified the Spamouflage Dragon network, which used fake accounts across multiple platforms to promote Chinese government narratives and discredit Western critics.
Chinese information campaigns show a trait of “computational propaganda”, which is executed through the strategic use of automation and data analytics to manipulate public opinion. The Chinese campaigns aim less at immediate persuasion and more at eroding confidence in democratic information systems. By flooding digital spaces with contradictory claims, they foster cynicism and relativism.
China’s influence is not confined to information flows; it extends to the internet's physical and institutional architecture. Through its Digital Silk Road initiative, Chinese firms export telecommunications infrastructure, surveillance technologies, and training programmes to developing countries, facilitating an authoritarian learning loop that enables partner states to replicate China’s model of digital governance.
By promoting the notion of cyber sovereignty, Beijing reframes internet control as a legitimate expression of statehood rather than repression. This discourse appeals to regimes seeking to curb dissent under the guise of national security. The KnownSec leak demonstrates how technological solutions designed for domestic control, such as vulnerability mapping and behavioural analytics, can be marketed internationally as security services. In effect, the Great Firewall becomes a global export brand for authoritarian resilience.
The ethical ramifications of China’s information regime are profound. Domestically, it subjects citizens to perpetual surveillance and behavioural engineering; internationally, it destabilises epistemic trust. The Great Firewall and its external derivatives do not inherently promote freedom; instead, they amplify the intentions of their controller, epitomising this paradox.
Geopolitically, China’s control over information functions as a tool of soft coercion. States and corporations dependent on Chinese technology risk entanglement in its normative framework of censorship and obedience. The export of cyber-governance norms through the Digital Silk Road thus constitutes a subtle yet far-reaching challenge to liberal democratic values.
The KnownSec revelations exposed the mechanics of a system that merges commercial innovation with political surveillance, defensive cybersecurity with offensive exploitation, and national security with ideological control. The absence of transparency ensures that the narrative, both within and about China, remains curated as per the CCP.
The KnownSec data leak offers a microcosmic view of China’s broader strategy of information dominance. It reveals a technological ecosystem in which private enterprises operate as instruments of state policy, supporting surveillance, data aggregation, and potential offensive operations.
Although India has developed a multi-layered system that forms the backbone of the digital security ecosystem, at times it operates without a unified coordination mechanism. Therefore, to confront this challenge, India needs to make its cyberspace more resilient through a unified Digital Coordination Framework. It should gradually institutionalise inter-agency cooperation through instruments such as the Rapid Alert System on Disinformation, which is swift during crises like Op Sindoor and election seasons.
At the same time, India could secure cooperation with its international partners for a more structured information exchange and an agreement on collaboration between the Computer Emergency Response Team (CERT) of India and respective partner countries.
Ultimately, the contest between China’s authoritarian information model and liberal democratic openness is not only a geopolitical struggle but a moral one over whether truth should be engineered or discovered.
Soumya Awasthi is a Fellow, Centre for Security, Strategy and Technology at the Observer Research Foundation.
The views expressed above belong to the author(s).