Cyber Incident Victim: Yunrun Big Data Service
Date: Aug 2020
Location: China
Summary
A hacker group named CCP Unmasked claimed responsibility for breaching Yunrun Big Data Service and two other Chinese social media monitoring firms, leaking alleged internal documents purportedly exposing state-linked disinformation campaigns and surveillance activities. The hackers released presentations and files—reportedly totaling 40GB—that suggested the companies developed tools to monitor global platforms like Facebook and Twitter for "anti-government groups" and opposition parties, often collaborating with intelligence and security agencies. While authenticity remained unverified, some documents contained verifiable non-public contact details. Twitter suspended the group’s account under its hacked materials policy. The hackers stated their intent was to challenge perceived Chinese government interference in democracy through fake news and online monitoring.
Description
On or around August 19, 2020, hackers identifying as CCP Unmasked infiltrated the systems of three Chinese social media monitoring firms—Knowlesys, Yunrun Big Data Service, and OneSight—and exfiltrated internal company documents. The group claimed to have stolen approximately 40GB of data, including confidential presentations and Word files, which they alleged exposed state-linked disinformation campaigns and social media surveillance operations targeting domestic and international platforms. CCP Unmasked began leaking a subset of these documents via their Twitter account (@CCP_Unmasked) in September 2025, asserting the materials demonstrated the Chinese government’s use of private firms to monitor opposition groups, manipulate public opinion, and undermine democratic processes. Twitter suspended the account under its hacked materials policy shortly after the initial leaks, halting further public dissemination. The hackers stated their motivation was to challenge the Chinese Communist Party’s influence operations, though they declined to provide technical details about the breach methodology or the full scope of compromised data.

The leaked materials included a Knowlesys presentation labeled “highly confidential,” which described its “Intelligence Center” platform’s capability to monitor Facebook, Twitter, WeChat, and other platforms for “anti-government groups” and opposition party activities, noting collaborations with intelligence, military, and police agencies since at least 2012. While Motherboard could not independently verify all documents, internal contact details in the Knowlesys files matched nonpublic but active communication channels of its CEO, suggesting partial authenticity. None of the targeted firms—including Yunrun Big Data Service—responded to requests for comment. The breach exposed alleged operational ties between these companies and Chinese security services, including Knowlesys’ participation in international surveillance conferences like ISS World in Dubai and Milpol in Qatar. Impacts included temporary public exposure of proprietary monitoring techniques and client relationships, though broader consequences were limited by Twitter’s suspension of the leak campaign and the absence of verified large-scale data releases beyond the initial samples.
