Virtual Event Today: Cloud & Data Security Summit - Join Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Government

China’s Top Cybersecurity Firms Hit by Mounting Military Procurement Bans

Chinese cybersecurity firms are facing action from the country’s military, but it’s not due to product or technical failures.

China APT

China’s military procurement system has suspended or permanently barred more than a dozen of the country’s leading cybersecurity vendors since 2024, according to new research from threat intelligence group Natto Thoughts. 

The findings, based on public notices from the military procurement network cross-referenced with corporate disclosures and Chinese media reports, identify at least 21 enforcement actions between 2021 and 2026 tied to contract bidding misconduct rather than product or technical failures.

The penalties fall under a three-tier system used by the People’s Liberation Army (PLA): a private warning list for early-stage concerns, a suspension list for confirmed but limited violations, and a public blacklist reserved for serious offenses that can carry lifetime bans extending to affiliated companies and executives.

[ Read: China, India-Linked Hackers Both Targeted Same Pakistani Police Force ]

One example is Beijing TopSec Network Security, an indirect subsidiary of TopSec Technologies Group. In 2024, the company was suspended from specific services for three years after it was accused of collusive bidding on an Army contract, but investigators later expanded the suspension to cover all military branches. In January 2026, following a two-year probe, authorities imposed a lifetime ban on all military procurement, the maximum penalty available.

Venustech Group followed a similar trajectory, but the impact on the company was less severe. Its subsidiary, Beijing Venustech Information Security Technology, was suspended from a regional military command in August 2024 and from all military bidding in February 2025. In April 2026, the sanctions escalated to include the parent company itself. However, the action remains a suspension rather than a permanent ban.

Advertisement. Scroll to continue reading.

Other firms named in the research include Qi An Xin’s Legendsec subsidiary, digital certificate provider BJCA, Kylinsec, Westone (CETC Cyber Security), and Huaru Technologies. Several of these companies are publicly traded or holders of classified systems and defense-related qualifications.

These firms occupy a dual role in China’s security ecosystem, according to Eugenio Benincasa, a China-focused cybersecurity researcher at ETH Zurich, who co-authored the report [subscription required] with Natto Thoughts co-founder Mei Danowski.

On the defensive side, Benincasa told SecurityWeek, companies like TopSec and Venustech pioneered China’s firewall market, while Qi An Xin has built a strong position in threat intelligence. 

None of the firms have been publicly linked to directly operating offensive hacking groups, Benincasa said, but they have long-standing ties to the PLA and China’s security services, supporting military cyber operations through training and service provision, and, in Qi An Xin’s case, through investments in companies tied to known Chinese APT activity.

The Natto team ties the increase in enforcement to a broader shift in PLA procurement oversight, including 2024 regulations on competitive bidding for military equipment and the growing enforcement role of China’s newly formed Cyberspace Force, which the report credits with six of the reviewed violation cases.

The researchers also point to commercial pressure as a contributing factor. For instance, Venustech’s early-2025 outlook cited softening security budgets and a market pivot toward AI- and data-driven demand, a shift that TopSec appears to be navigating as well.

Despite the penalties, the report concludes that the Chinese military still depends heavily on these firms for modernization, framing the crackdown as an effort to professionalize defense acquisition rather than evidence that China’s cybersecurity capabilities are weakening.

Related: Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos

Related: China Revives Tianfu Cup Hacking Contest Under Increased Secrecy

Related: Cybersecurity Firms React to China’s Reported Software Ban

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

N-able has appointed Russell Rosa as Chief Revenue Officer.

Stacy O'Mara has joined Armadin as Chief Policy Officer and Director of Global Government Affairs.

F5 has appointed Cathy Peterman as Chief People Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.