ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Research
  • Threat Analysis Brief Reports
Geedge Networks Leak: Exporting China’s Great Firewall to the World
2025.11.05

✅ Report Title: Geedge Networks Leak - Exporting China’s Great Firewall to the World



✅ Executive Summary:


- Over the past two decades, the Chinese government has developed a sophisticated model of internet control, exporting this technology to other nations under the pretext of “digital sovereignty.”


- On September 12, 2025, Mingshi Wu from the Great Firewall Report disclosed a significant data breach involving Geedge Networks and MESALab.


- The leaked materials revealed direct links between Geedge Networks, MESALab, and the core architects of the Great Firewall, as well as evidence of technology exports to authoritarian regimes.



📌 Corporate and Individual Connections


- Geedge Networks is a Chinese private cybersecurity company that commercializes and sells technologies modeled after the Great Firewall.


- The Great Firewall, Geedge Networks, and MESALab are directly connected through key individuals.
  - Fang Binxing, known as the chief architect of the Great Firewall, and Zheng Chao, a former MESALab researcher and current CTO of Geedge Networks, were identified as indirect investors in the company.



📌 Overview of the Leak and Analytical Findings


- The leaked data consisted of internal documents, source code, and project management archives, including:
  - Geedge Networks: RPM package repositories, internal Confluence documentation, and JIRA data dumps.
  - MESALab: internal Confluence data and full GitHub repository bundles.


- Timestamp analysis indicates the breach likely occurred in late November 2024.


- The data was subsequently analyzed by multiple research and media organizations over approximately nine months, resulting in the publication of reports and articles detailing the findings.


- Analysis confirmed that Geedge Networks exported internet censorship and surveillance systems to several authoritarian and military regimes, including Kazakhstan, Ethiopia, Pakistan, and Myanmar.


- These systems were deployed within national ISPs to enable state-level censorship, traffic interception, and subscriber surveillance.


- Key Products Developed by Geedge Networks:
  - TSG (Tiangou Secure Gateway): A traffic management platform enabling the tracking and control of network communications, functionally aligned with China’s Great Firewall.
  - TSG Galaxy: A database system for aggregating and managing network-related metadata collected by TSG.
  - Cyber Narrator: A network monitoring and analytics solution developed by Geedge Networks.



📌 Technical Implications


- Sanctions Evasion and Circumvention Tool Neutralization:
  - Geedge’s products are designed for compatibility with a wide range of commercial hardware, allowing the company to evade vendor-specific sanctions.
  - The company continues to develop capabilities to detect and block major circumvention tools such as VPNs, Tor, and Psiphon, highlighting the urgent need for collaborative countermeasures within the global technical community.



🧑‍💻 Report Author: S2W TALON


👉 Contact us: https://s2w.inc/en/contact


*The full report is available upon request and for QUAXAR subscribers.


Product
How AI is Transforming Cybersecurity: The Role of AI in QUAXAR
2025.10.31
Previous
News Highlights
Weekly Darkweb in October W5
2025.11.05
Next
List