Hackers leaked 600 GB of data linked to the Great Firewall of China, exposing documents, code, and operations. Full details are available on the GFW Report.
On Thursday, September 11, 2025, what’s being described as the largest leak linked to the Great Firewall of China surfaced online, with almost 600 GB of material allegedly containing source code, internal communications, work logs, and technical documentation from teams said to be involved in building and maintaining the system.
The data was leaked by Enlace Hacktivista, previously linked to the Cellebrite data leak. The collective claims that the documents have been traced to Geedge Networks and the MESA Lab at the Chinese Academy of Sciences’ Institute of Information Engineering. Both have long been central to the Firewall’s research and development, with Geedge led by Fang Binxing, often called the “Father of the Great Firewall.”
According to the files, their reach spreads outside China’s borders, supplying censorship and surveillance technology to governments in Myanmar, Pakistan, Ethiopia, Kazakhstan, and others linked to the Belt and Road Initiative.
How the leak surfaced
The published material is available for download via both BitTorrent and direct links. The package includes a huge mirror/repo.tar file weighing 500 GB, mainly an archive of the RPM (Red Hat Package Manager) packaging server, alongside compressed document sets from Geedge and MESA. In total, the files contain tens of thousands of pages and repositories, offering a rare window into the infrastructure behind the Firewall.
What makes this data leak different from the usual ones is the depth of detail. As analysed by Hackread.com, it’s not a single whistleblower’s memo or a few emails, but a large collection of raw operational data that traces years of development and collaboration. Analysts from Net4People and independent researchers are also piecing together how these files describe the Firewall’s evolution, expansion, and export.
The file tree tells its own story
Even before digging deeper into the source code, the structure of the leaked archive is revealing in itself. For example, geedge_docs.tar.zst and mesalab_docs.tar.zst contain thousands of internal reports, project descriptions, and technical proposals. File names like CTF-AWD.docx, BRI.docx, and CPEC.docx suggest connections to Belt and Road Initiative projects and international collaborations.
Project management files, such as geedge_jira.tar.zst, highlight day-to-day coordination between researchers and engineers, while communication drafts, like chat.docx and multiple schedule documents, show the granular planning that went into censorship operations. Even routine administrative files such as 打印.docx (Print) and reimbursement-related proofs indicate how deeply routine and bureaucratic this machinery has become.
The mirror directory itself, with its exhaustive filelist.txt, is an archive of software packages supporting Firewall operations. It shows that the Firewall is not just a political project but also a technical one, maintained through packaging servers and code repositories, much like any large-scale corporate software system.
Tracing the roots of MESA and Geedge
The background included in the leak gives a detailed timeline of MESA’s formation and growth. Established in 2012 at the Institute of Information Engineering, MESA grew quickly through talent programs, research grants, and government contracts. By 2016, it was handling projects worth more than 35 million yuan annually and contributing to national-level awards in cybersecurity.
When Geedge Networks was founded in 2018 in Hainan, Fang Binxing served as its chief scientist, bringing with him a cadre of MESA researchers and students. The company soon became a key private partner to Chinese authorities, supporting censorship operations not only domestically but also as an exporter of surveillance solutions abroad.
A Serious Data Leak
Experts may need months to analyse the source code, but the documents already back up what many observers have been claiming for years. The Great Firewall is not a fixed system; it’s a growing network shaped by government contracts, research institutes, and private companies.
The hacktivists behind this leak warn that downloading and inspecting these files should only be done in isolated environments. Given the sensitivity of the content, there’s always the risk that malware or tracking elements could be embedded in the archives. Still, for researchers and rights groups, the trove offers an opportunity to understand how the Firewall operates and how its influence spreads.
Analysts at Net4People and GFW Report plan to share more findings as they go through the source code. For now, the leak offers an unusual look at how the system operates, and it will take time to understand the full weight of what has been uncovered.
Full particulars, together with technical materials and obtain hyperlinks, can be found on the GFW Report.