A recent analysis of leaked data from the Chinese cybersecurity firm TopSec suggests that the company provides censorship-as-a-service solutions to clients, including a state-owned enterprise in China.
TopSec, established in 1995, offers services like Endpoint Detection and Response (EDR) and vulnerability scanning. However, according to a report shared with The Hacker News, SentinelOne researchers Alex Delamotte and Aleksandar Milenkoski found that the company also provides bespoke solutions aligned with government initiatives and intelligence requirements.
The leaked data, containing infrastructure details and work logs from employees, reveals references to web content monitoring services used to enforce censorship for both public and private sector clients.
It appears that TopSec provided customized monitoring services to a state-owned enterprise that was involved in a corruption scandal, indicating that such platforms are used to monitor and control public opinion as needed.
The leaked data includes a contract for a “Cloud Monitoring Service Project” announced by the Shanghai Public Security Bureau in September 2024.
The project involves continuous monitoring of websites within the Bureau’s jurisdiction to identify security issues and content changes, and to provide incident alerts.
The platform is designed to detect hidden links in web content, as well as content containing sensitive words related to politics, violence, or explicit content.
Although the exact goals are unclear, it is suspected that such alerts could be used by clients to take further actions, such as issuing warnings, deleting content, or restricting access when sensitive words are detected. According to public documents analyzed by SentinelOne, Shanghai Anheng Smart City Security Technology Co. Ltd. won the contract.
SentinelOne discovered the leak after analyzing a text file uploaded to the VirusTotal platform on January 24, 2025. The manner in which the data was leaked remains unknown.
“The main file we analyzed contains numerous work logs, which describe the work performed by a TopSec employee and the time taken, often accompanied by scripts, commands, or data related to the task,” the researchers noted.
“In addition to work logs, the leak contains many commands and playbooks used to administrate TopSec’s services via multiple common DevOps and infrastructure technologies, including Ansible, Docker, ElasticSearch, Gitlab, Kafka, Kibana, Kubernetes, and Redis.”
The leak also includes references to a framework named Sparta (or Sparda), designed to handle sensitive word processing by receiving content from downstream web applications via GraphQL APIs, further suggesting censorship keyword monitoring.
“These leaks provide insight into the complex ecosystem of relationships between government entities and China’s private sector cybersecurity companies,” the researchers said.
“While many countries have significant overlap between government requirements and private sector cybersecurity firms, the ties between these entities in China are much deeper and represent the state’s grasp on managing public opinion through online enforcement.”