Hackers leaked 600 GB of knowledge linked to the Nice Firewall of China, exposing paperwork, code, and operations. Full particulars obtainable on the GFW Report.
On Thursday, September 11, 2025, what’s being described as the most important leak linked to the Nice Firewall of China surfaced on-line, with almost 600 GB of fabric allegedly containing supply code, inner communications, work logs, and technical documentation from teams stated to be concerned in constructing and sustaining the system.
The info was leaked by Enlace Hacktivista, beforehand linked to the Cellebrite information leak. The collective claims that the paperwork had been traced to Geedge Networks and the MESA Lab on the Chinese language Academy of Sciences’ Institute of Data Engineering. Each have lengthy been central to the Firewall’s analysis and improvement, with Geedge led by Fang Binxing, usually known as the “Father of the Nice Firewall.”
In line with the information, their attain spreads exterior China’s borders, supplying censorship and surveillance know-how to governments in Myanmar, Pakistan, Ethiopia, Kazakhstan, and others linked to the Belt and Street Initiative.
How the leak surfaced
The revealed materials is on the market for obtain by means of each BitTorrent and direct hyperlinks. The bundle features a huge mirror/repo.tar file weighing 500 GB, principally an archive of the RPM (Purple Hat Bundle Supervisor) packaging server, alongside compressed doc units from Geedge and MESA. In whole, the information comprise tens of hundreds of pages and repositories, providing a uncommon window into the infrastructure behind the Firewall.
What makes this information leak totally different from standard ones is the depth of element. As analysed by Hackread.com, it’s not a single whistleblower’s memo or just a few emails, however an enormous assortment of uncooked operational information that traces years of improvement and collaboration. Analysts from Net4People and impartial researchers are additionally placing collectively how these information describe the Firewall’s evolution, growth, and export.
The file tree tells its personal story
Even earlier than digging deeper into the supply code, the construction of the leaked archive provides clear perception into issues. For instance, geedge_docs.tar.zst and mesalab_docs.tar.zst comprise hundreds of inner experiences, mission descriptions, and technical proposals. File names like CTF-AWD.docx, BRI.docx, and CPEC.docx counsel connections to Belt and Street Initiative initiatives and worldwide collaborations.
Venture administration data, corresponding to geedge_jira.tar.zst, spotlight day-to-day coordination between researchers and engineers, whereas communication drafts, like chat.docx and a number of schedule paperwork, present the granular planning that went into censorship operations. Even routine administrative information corresponding to 打印.docx (Print) and reimbursement-related proofs point out how deeply routine and bureaucratic this equipment has develop into.
The mirror listing itself, with its exhaustive filelist.txt, is an archive of software program packages supporting Firewall operations. It exhibits that the Firewall is not only a political mission but additionally a technical one, maintained by means of packaging servers and code repositories, very similar to any large-scale company software program system.
Tracing the roots of MESA and Geedge
The background included within the leak gives an in depth timeline of MESA’s formation and progress. Established in 2012 on the Institute of Data Engineering, MESA grew shortly by means of expertise applications, analysis grants, and authorities contracts. By 2016, it was dealing with initiatives price greater than 35 million yuan yearly and contributing to national-level awards in cybersecurity.
When Geedge Networks was based in 2018 in Hainan, Fang Binxing served as its chief scientist, bringing with him a cadre of MESA researchers and college students. The corporate quickly grew to become a key personal companion to Chinese language authorities, supporting censorship operations not solely domestically but additionally as an exporter of surveillance options overseas.
A Severe Knowledge Leak
Specialists might have months to analyse the supply code, however the paperwork already again up what many observers have been claiming for years. The Nice Firewall isn’t a set system; it’s a rising community formed by authorities contracts, analysis institutes, and personal firms.
The hacktivists behind this leak warn that downloading and analyzing these information ought to solely be finished in remoted environments. Given the sensitivity of the content material, there may be at all times the danger that malware or monitoring components may very well be embedded within the archives. Nonetheless, for researchers and rights teams, the trove provides a chance to know how the Firewall operates and the way its affect spreads.
Analysts at Net4People and GFW Report plan to share extra findings as they undergo the supply code. For now, the leak provides an uncommon take a look at how the system operates, and it’ll take time to know the complete weight of what has been uncovered.
Full particulars, together with technical materials and obtain hyperlinks, can be found on the GFW Report.
