CAS
Company Details
Linkedin ID:
chinese-academy-of-sciences
Website:
Employees number:
14,863
Number of followers:
66,403
NAICS:
5417
Industry Type:
Homepage:
cas.cn
IP Addresses:
0
Company ID:
CHI_8631860
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Chinese Academy of Sciences Vendor Cyber Rating & Cyber Score
cas.cnThe Chinese Academy of Sciences (CAS) is the lead national scientific institution in natural sciences and high technology development in China and the country's supreme scientific advisory body. It incorporates three major parts: a comprehensive research and development network consisting of 104 research institutes, a traditional merit-based national academy as represented by its Academic Divisions and a system of higher education based on its affiliated 3 universities and the support of its research institutes. CAS has served as the major national strategic research force since founding in November 1949 and has left its deep footprints in Chinese S&T and the overall development of China's national innovation system.
Chinese Academy of Sciences A.I CyberSecurity Scoring
CAS Risk Score (AI oriented)Between 750 and 799
CAS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CAS Global Score (TPRM)XXXX
CAS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CAS Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Bangladeshi Government and Chinese Government: Expanding Bitter APT operation exposed
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Bitter APT Expands Cyberespionage Campaigns with Sophisticated Tools and Targets The advanced persistent threat (APT) group Bitter (also known as TA397, APT-C-08, Orange Yali, and Hazy Tiger), linked to the Indian government, has intensified its cyberespionage operations. According to a joint analysis by Proofpoint and Threatray, the group has launched spear-phishing attacks impersonating government and diplomatic entities from Bangladesh, Pakistan, China, and South Korea, aiming to deploy malicious payloads. Bitter’s recent campaigns have leveraged multiple tools, including: - KugelBlitz and BDarkRAT payloads for system compromise. - ArtraDownloader, which deploys the WSCSPL backdoor for system data exfiltration. - Almond RAT and MuuyDownloader trojans for remote access and persistence. - ORPCBackdoor, previously associated with the Mysterious Elephant threat actor another group tied to Indian APTs SideWinder and Confucius. - KiwiStealer, an information-stealing malware designed to harvest sensitive data. The findings highlight Bitter’s evolving tactics, combining social engineering with a diverse arsenal of malware to conduct targeted espionage. The group’s infrastructure and toolset suggest continued alignment with state-sponsored objectives.
CAS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CAS
Incidents vs Research Services Industry Average (This Year)
No incidents recorded for Chinese Academy of Sciences in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Chinese Academy of Sciences in 2026.
Incident Types CAS vs Research Services Industry Avg (This Year)
No incidents recorded for Chinese Academy of Sciences in 2026.
Incident History — CAS (X = Date, Y = Severity)
CAS cyber incidents detection timeline including parent company and subsidiaries
CAS Company Subsidiaries
The Chinese Academy of Sciences (CAS) is the lead national scientific institution in natural sciences and high technology development in China and the country's supreme scientific advisory body. It incorporates three major parts: a comprehensive research and development network consisting of 104 research institutes, a traditional merit-based national academy as represented by its Academic Divisions and a system of higher education based on its affiliated 3 universities and the support of its research institutes. CAS has served as the major national strategic research force since founding in November 1949 and has left its deep footprints in Chinese S&T and the overall development of China's national innovation system.
Loading...
CAS Similar Companies
Los Alamos National Laboratory
Los Alamos National Laboratory is one of the world’s most innovative multidisciplinary research institutions. We're engaged in strategic science on behalf of national security to ensure the safety and reliability of the U.S. nuclear stockpile. Our workforce specializes in a wide range of progressive
Technical University of Munich
Our university combines top-class facilities for cutting-edge research with unique learning opportunities for 52,000 students. Whether our researchers are investigating the origins of life, matter and the universe or looking for solutions to the major challenges for our society, people lie at the he
The University of Edinburgh
Imagine what you could do at a world-leading university that is globally recognised for its teaching, research and innovation. The University of Edinburgh has been providing students with world-class teaching for more than 425 years, unlocking the potential of some of the world's leading thinkers
CNRS
The French National Centre for Scientific Research is among the world's leading research institutions. Its scientists explore the living world, matter, the Universe, and the functioning of human societies in order to meet the major challenges of today and tomorrow. Internationally recognised for the
Politecnico di Milano
Politecnico Milano is a scientific-technological university which trains engineers, architects and designers. The University has always focused on the quality and innovation of its teaching and research, developing a fruitful relationship with business and productive world by means of experimental
University of Amsterdam
The University of Amsterdam is one of the largest comprehensive universities in Europe. With some 44,000 students, 6,000 staff, 3,000 PhD candidates, and an annual budget of more than 850 million euros, it is also one of Amsterdam’s biggest employers. There is an inseparable link between the unive
UCL
UCL (University College London) is London's leading multidisciplinary university, ranked 9th in the QS World University Rankings. Established in 1826 UCL opened up education in England for the first time to students of any race, class or religion and was also the first university to welcome female
Utrecht University
At Utrecht University (UU), we are working towards a better world. We do this by researching complex issues beyond the borders of disciplines. We put thinkers in contact with doers, so new insights can be applied. We give students the space to develop themselves. In so doing, we make substantial con
CEA
The CEA is the French Alternative Energies and Atomic Energy Commission ("Commissariat à l'énergie atomique et aux énergies alternatives"). It is a public body established in October 1945 by General de Gaulle. A leader in research, development and innovation, the CEA mission statement has two main
.png)
CAS CyberSecurity News
March 10, 2026 07:00 AM
Japan and ASEAN cooperate on cybersecurity measures
We believed we had taken the necessary and sufficient measures. However, this attack was advanced and sophisticated beyond what we had...
February 22, 2026 08:00 AM
NDSS 2025 - The Midas Touch: Triggering The Capability Of LLMs For RM-API Misuse Detection
Session 13B: API Security Authors, Creators & Presenters: Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences,...
January 07, 2026 08:00 AM
Researchers Manipulate Stolen Data to Corrupt AI Models and Generate Inaccurate Outputs
Researchers from the Chinese Academy of Sciences and Nanyang Technological University have introduced AURA, a novel framework to safeguard...
December 12, 2025 08:00 AM
China’s hackers used Cisco courses as secret training ground
Cisco training alumni linked to Chinese hacking group Salt Typhoon, raising concerns that global tech education may be fueling Beijing's...
December 05, 2025 08:00 AM
Jain to help India update national ID (Aadhaar) innovation roadmap
Anil Jain, University Distinguished Professor and the Douglas E. Zongker Endowed Professor of Engineering at Michigan State University,...
November 29, 2025 08:00 AM
The Philippines: Initiatives to Boost Cybersecurity and Online Safety
Two DICT–UPDEPPO initiatives aim to boost online safety and expand the country's cybersecurity workforce as part of its broader national...
October 20, 2025 07:00 AM
MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems
China claims the NSA led a 2022 cyberattack on its National Time Service Center using 42 tools.
October 20, 2025 07:00 AM
China accuses US of cyber breaches at national time centre
The ministry said it found evidence tracing stolen data and credentials as far back as 2022.
October 20, 2025 07:00 AM
Cyber aggression part and parcel of hegemony: China Daily editorial
In a revelation that puts the spotlight on the cyber warfare waged by the United States, China's state security authorities announced they...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CAS CyberSecurity History Information
Official Website of Chinese Academy of Sciences
The official website of Chinese Academy of Sciences is http://english.cas.cn/.
Chinese Academy of Sciences’s AI-Generated Cybersecurity Score
According to Rankiteo, Chinese Academy of Sciences’s AI-generated cybersecurity score is 761, reflecting their Fair security posture.
How many security badges does Chinese Academy of Sciences’ have ?
According to Rankiteo, Chinese Academy of Sciences currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Chinese Academy of Sciences been affected by any supply chain cyber incidents ?
According to Rankiteo, Chinese Academy of Sciences has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Chinese Academy of Sciences have SOC 2 Type 1 certification ?
According to Rankiteo, Chinese Academy of Sciences is not certified under SOC 2 Type 1.
Does Chinese Academy of Sciences have SOC 2 Type 2 certification ?
According to Rankiteo, Chinese Academy of Sciences does not hold a SOC 2 Type 2 certification.
Does Chinese Academy of Sciences comply with GDPR ?
According to Rankiteo, Chinese Academy of Sciences is not listed as GDPR compliant.
Does Chinese Academy of Sciences have PCI DSS certification ?
According to Rankiteo, Chinese Academy of Sciences does not currently maintain PCI DSS compliance.
Does Chinese Academy of Sciences comply with HIPAA ?
According to Rankiteo, Chinese Academy of Sciences is not compliant with HIPAA regulations.
Does Chinese Academy of Sciences have ISO 27001 certification ?
According to Rankiteo,Chinese Academy of Sciences is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Chinese Academy of Sciences
Chinese Academy of Sciences operates primarily in the Research Services industry.
Number of Employees at Chinese Academy of Sciences
Chinese Academy of Sciences employs approximately 14,863 people worldwide.
Subsidiaries Owned by Chinese Academy of Sciences
Chinese Academy of Sciences presently has no subsidiaries across any sectors.
Chinese Academy of Sciences’s LinkedIn Followers
Chinese Academy of Sciences’s official LinkedIn profile has approximately 66,403 followers.
NAICS Classification of Chinese Academy of Sciences
Chinese Academy of Sciences is classified under the NAICS code 5417, which corresponds to Scientific Research and Development Services.
Chinese Academy of Sciences’s Presence on Crunchbase
No, Chinese Academy of Sciences does not have a profile on Crunchbase.
Chinese Academy of Sciences’s Presence on LinkedIn
Yes, Chinese Academy of Sciences maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/chinese-academy-of-sciences.
Cybersecurity Incidents Involving Chinese Academy of Sciences
As of April 02, 2026, Rankiteo reports that Chinese Academy of Sciences has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Chinese Academy of Sciences has an estimated 5,508 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Chinese Academy of Sciences ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: Bitter APT Cyberespionage Campaigns
Description: More expansive cyberespionage campaigns have been launched by the advanced persistent threat operation Bitter, associated with the Indian government. The group, also known as TA397, APT-C-08, Orange Yali, and Hazy Tiger, deployed spear-phishing attacks impersonating Bangladeshi, Pakistani, Chinese, and South Korean governments and diplomatic entities, as well as malicious intrusions to deliver KugelBlitz and BDarkRAT payloads. The campaign involved multiple tools, including ArtraDownloader, WSCSPL backdoor, Almond RAT, MuuyDownloader trojans, ORPCBackdoor, and KiwiStealer information-stealing malware.
Type: Cyberespionage
Attack Vector: Spear-phishingMalicious intrusions
Threat Actor: Bitter (TA397, APT-C-08, Orange Yali, Hazy Tiger)
Motivation: Cyberespionage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyberespionage GOVCHI1766628286
Data Compromised: System data, sensitive information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are System Data, Sensitive Information and .
Which entities were affected by each incident ?
Incident : Cyberespionage GOVCHI1766628286
Entity Name: Bangladeshi government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: Bangladesh
Incident : Cyberespionage GOVCHI1766628286
Entity Name: Pakistani government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: Pakistan
Incident : Cyberespionage GOVCHI1766628286
Entity Name: Chinese government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: China
Incident : Cyberespionage GOVCHI1766628286
Entity Name: South Korean government entities
Entity Type: Government
Industry: Government/Diplomacy
Location: South Korea
Data Breach Information
What type of data was compromised in each breach ?
Incident : Cyberespionage GOVCHI1766628286
Type of Data Compromised: System data, Sensitive information
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Cyberespionage GOVCHI1766628286
Source: The Hacker News
Incident : Cyberespionage GOVCHI1766628286
Source: Proofpoint and Threatray joint analysis
Incident : Cyberespionage GOVCHI1766628286
Source: Knownsec 404 Team
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: The Hacker News, and Source: Proofpoint and Threatray joint analysis, and Source: Knownsec 404 Team.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Bitter (TA397, APT-C-08, Orange Yali and Hazy Tiger).
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were System data and sensitive information.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were System data and sensitive information.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Knownsec 404 Team, The Hacker News and Proofpoint and Threatray joint analysis.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=chinese-academy-of-sciences' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
