A Taiwanese Vestige in the
Geedge Supply Chain
Executive Summary
A Taiwanese company, ADLINK Technologies, supplied over 1,700 units of specialized networking hardware to Geedge Networks, a Chinese company that builds and exports state-level internet censorship and surveillance systems. ADLINK confirmed the shipment to InterSecLab, stating that its export compliance process did not identify the end use because Geedge did not disclose it. The hardware was deployed in Kazakhstan to operate Geedge’s Tiangou Secure Gateway (TSG), a product with capabilities comparable to China’s Great Firewall.
What we found
ADLINK Technologies shipped 1,708 CSA-7400 network appliance units to Geedge Networks between 2019 and 2020. These units formed the basis of Geedge’s first-generation firewall platform, deployed in Kazakhstan to enable state-level internet censorship and surveillance. The CSA-7400 is a high-density networking platform marketed for firewall and deep packet inspection applications.
ADLINK hardware also appears in Geedge’s EtherFabric, a custom-built network packet broker used to load-balance traffic across multiple TSG nodes, deployed in Myanmar. A MAC address found in leaked documentation traces back to ADLINK, indicating that the company’s components remain embedded in Geedge’s product line beyond the original CSA-7400 transaction.
Geedge’s current-generation TSG hardware, deployed in Ethiopia, Pakistan and Myanmar, relies on servers from Nettrix, a subsidiary of the U.S.-sanctioned Chinese supercomputer company Sugon, and storage from Inspur. These are standard x86 servers comparable to commodity hardware from Dell or HP, and their components could likely be sourced from secondary markets even if direct procurement was restricted.
Why it matters
ADLINK’s export compliance review did not flag a shipment of over 1,700 specialized networking units to a Chinese company, despite the hardware being purpose-built for the kind of deep packet inspection that underpins internet censorship. ADLINK told InterSecLab that Geedge did not disclose the final application during the purchase process.
Taiwan’s existing export control framework, which references international non-proliferation regimes and maintains entity lists based on UN and allied-country sanctions, did not prevent this transfer. The Taiwan Ministry of Economic Affairs, responding to InterSecLab’s inquiry, described this framework but declined to address the specific case, citing legal constraints. Taiwanese lawmaker Puma Shen argued that the current approach is insufficient, calling on the government to create its own entity list rather than relying solely on U.S. and EU lists, and to develop clearer standards for when component manufacturers bear responsibility for end use.
While Geedge’s software stack is based on open-source software and much of its current-generation hardware uses commodity server components, the ADLINK hardware is a notable exception. The CSA-7400 is a specialized high-density platform designed and marketed for deep packet inspection and firewall applications, and EtherFabric is a bespoke network appliance that Geedge designed from scratch to load-balance traffic across its surveillance nodes. Neither can be easily sourced on secondary markets, making them more viable targets for export control measures.
This distinction is critical for policymakers. Supply chain interventions may have limited impact on commodity components, but specialized surveillance-capable hardware like the CSA-7400 and components used in EtherFabric are exactly where stronger due diligence and export controls can be most effective.
Geedge Networks' Supply Chain: A Closer Look
Geedge Networks is a Chinese company that builds and sells turnkey internet censorship and surveillance systems to governments. Its flagship product, Tiangou Secure Gateway (TSG), is a firewall appliance with capabilities comparable to China’s Great Firewall. It can monitor, filter and block internet traffic at a national scale. The product suite also includes Cyber Narrator, an analyst tool for querying the surveillance data that TSG collects, and Network Zodiac, asset-management software for monitoring and maintaining the deployment.
After publishing our report, ‘The Internet Coup’, which detailed Geedge’s products and their deployment to authoritarian governments, we are now producing a series of investigations examining the suppliers and vendors behind Geedge’s operations. This first installment focuses on the server and networking hardware that Geedge depends on to build and operate its product suite.
Where Geedge’s system differs from a typical corporate firewall is in scale. Instead of one appliance protecting one office network, Geedge can deploy clusters of firewall nodes across a country’s ISPs to monitor terabits of traffic per second. It achieves this by using network packet brokers (NPBs) to load-balance live traffic across multiple TSG nodes operating together. The hardware is installed in local ISP data centers but is owned by the client government, and is managed remotely from a central command site. Geedge engineers in China also maintain remote access to provide technical support.
Geedge’s entire software stack is built on open-source foundations. Its operating system, TSG-OS, is based on Rocky Linux (previously CentOS), and its network packet processing relies on Intel’s open-source DPDK toolkit. The leaked documents show that after a meeting with government officials, Geedge considered switching to Huawei’s EulerOS but rejected it because of high licensing fees. This open-source foundation allows Geedge’s software to run on most commodity x86 server hardware. Leaked RPM repositories also indicate that Geedge is porting its software to domestically produced ARM-based CPUs from HiSilicon (part of Huawei), though there is no sign of support for the Loongson CPU architecture.
Geedge either supplies all server hardware to its government clients directly, or in some cases installs its software on the customer’s existing equipment. In Pakistan, for example, Geedge installed TSG-OS on servers previously used for a national firewall from Sandvine Inc. (since renamed AppLogic Networks following U.S. sanctions and their subsequent lifting).
Geedge has supplied three successive generations of server hardware to run its TSG firewall appliances. Each generation changed the server hardware vendor while retaining the same overall design: offloading packet handling and deep packet inspection across multiple compute nodes. Each generation was deployed to different customer sites.
First generation: TSG-ADC (Kazakhstan)
The first-generation TSG platform, TSG-ADC, was built on the CSA-7400, a high-density 4U network enclosure from the Taiwanese company ADLINK Technologies. Each CSA-7400 unit contained an Ethernet switching board using Intel’s FM10000 chip and four x86 compute modules running Geedge’s TSG-OS. One compute module handled packet ingress and determined whether packets should be forwarded to the other three for heavier processing such as deep packet inspection. Capacity was increased by interconnecting multiple CSA-7400 units using link aggregation (LAG) or a third-party network packet broker.
Core functions including DPI were implemented by Geedge, while some load-balancing features depended on ADLINK’s PacketManager software and Intel’s Testpoint tool for configuring the FM10000 switching chip. According to a leaked document, ADLINK supplied Geedge directly with Testpoint, software that is normally available only under a licensing agreement with Intel.
Leaked documents indicate this configuration was deployed exclusively at the Kazakhstan (K18) customer site. ADLINK confirmed to InterSecLab that it shipped 1,708 CSA-7400 units to Geedge between 2019 and early 2020.
Second generation: TSG-9140 (Ethiopia)
The second-generation platform, TSG-9140, used the AdvancedTCA (ATCA) form factor common in telecommunications equipment rather than standard rack servers. It appears to be based on the VELA ATCA platform from Chinese company Beijing Hengguang Information Technology. The platform includes a cabinet with a switching board that, according to leaked documentation, uses a 3.2 Tbit/s Barefoot Networks programmable switching chip (Barefoot has been part of Intel since 2019). Multiple ATCA compute modules slot into the cabinet and interconnect over the ATCA backplane.
The leaked Git repository “tango_9140_hardware” contains firmware, software and Ansible configuration scripts for this hardware. A binary named jut_shm includes a copyright notice suggesting some components may be supplied by another Chinese company, Shanghai Joinus Technology Corporation.
Leaked documents show the TSG-9140 was deployed exclusively at the Ethiopia (E21) customer site.
Current generation: TSG-X (Ethiopia, Pakistan, Myanmar)
The current generation, TSG-X, uses Nettrix servers for the primary TSG compute nodes and Inspur servers for storage hosting the surveillance data used by Cyber Narrator. Nettrix is a subsidiary of Sugon, a Chinese supercomputer maker that is already sanctioned by the U.S. government. Like Geedge, Sugon originated as a spinoff from research at the Chinese Academy of Sciences.
While the servers are assembled by Nettrix, they use commodity x86 Intel processors and Mellanox (part of NVIDIA since 2020) fiber-optic network cards. These are standard server components comparable to general-purpose hardware from Dell or HP.
TSG-X is deployed at the Ethiopia (E21), Pakistan (P19) and Myanmar (M22) customer sites. In Pakistan, Geedge’s TSG-X hardware supplements servers that were previously used for a national firewall from Sandvine Inc., on which Geedge also installed its software.
EtherFabric: Geedge’s custom network packet broker
To scale its firewall across an entire country’s internet traffic, Geedge uses network packet brokers (NPBs) to load-balance traffic across multiple TSG nodes. While commercial NPBs from other manufacturers can serve this purpose, and the leak shows Geedge reused the customer’s Niagara Networks NPBs in the Pakistan deployment, Geedge also designed its own NPB called EtherFabric. It is the only bespoke hardware product the company is known to have designed from scratch.
Photo found in the Geedge leak of the EtherFabric hardware, the only bespoke hardware from Geedge Networks.
EtherFabric appears to reuse the same VELA ATCA hardware from Beijing Hengguang Information Technology as the TSG-9140, though it serves a different function. Leaked documentation also indicates that some networking components may be supplied by ADLINK Technologies, the same Taiwanese company that supplied the first-generation TSG-ADC hardware.
A leaked document titled “Login to SMBIO” includes serial console output showing the EtherFabric blade running Open Network Linux with a management network interface. The output of the ifconfig command lists the MAC address of this interface as 00:30:64:37:42:17. The OUI prefix 00:30:64 is registered to ADLINK Technology, Inc., confirming that an ADLINK network interface or board hosts the EtherFabric management and control plane. In plain terms, the dedicated computer inside EtherFabric that operators use to configure, monitor and update the device contains at least one ADLINK component, most likely the compute board that runs the management software.
EtherFabric was deployed at the Myanmar (M22) customer site and was also installed as a proof of concept for an unknown customer identified only by the code name A24.
ADLINK’s role and response
The evidence described above establishes that ADLINK Technologies has supplied hardware to Geedge Networks across two distinct products: the CSA-7400 platform used in the first-generation TSG-ADC, and networking components found in EtherFabric. Unlike the commodity x86 server hardware that Geedge sources from other vendors, ADLINK’s contributions are specialized components designed for network security and deep packet inspection applications, making ADLINK a uniquely significant supplier in Geedge’s hardware supply chain.
InterSecLab contacted ADLINK to ask about the nature and extent of their relationship with Geedge Networks, specifically regarding the supply of hardware for EtherFabric and the TSG-ADC. ADLINK confirmed that ADLINK Technology (China) Co., Ltd., Beijing Branch supplied standard CSA-7400 network security platform equipment to Geedge Networks. The company stated that it completed export control list screening, confirmed that Geedge was not on any restricted list, and shipped the product following routine compliance review. ADLINK did not answer directly when asked whether it had provided Geedge with Intel’s Testpoint software, as evidence from the leaked dataset suggests.
ADLINK stated that it only provided the general-purpose hardware platform and did not participate in any software integration, system design, or operational activities related to the product’s end use. However, this characterization is contradicted by leaked documents showing that Geedge’s TSG-ADC configuration relied on ADLINK’s PacketManager software for load-balancing functions.
In a follow-up exchange, ADLINK confirmed that shipments continued into early 2020 and that the total number of CSA-7400 units shipped to Geedge was 1,708. The company also stated that it would begin an internal audit to investigate possible misuse of its products and that it is willing to work with research institutions to clarify the facts. The complete text of ADLINK’s initial response is provided in the Annex.
ADLINK’s characterization of the CSA-7400 as a “general-purpose” platform is difficult to reconcile with the product’s own marketing, which positions it as a high-density network security appliance designed for deep packet inspection and firewall applications. The fact that a shipment of over 1,700 such units to a Chinese buyer did not trigger additional scrutiny during compliance review raises questions about the adequacy of ADLINK’s due diligence process. ADLINK’s assertion that Geedge did not disclose the end use may be accurate, but it also suggests that the company’s compliance procedures rely on customer self-disclosure rather than independent assessment of risk.
Conclusions
This investigation establishes that ADLINK Technologies, a Taiwanese company, shipped 1,708 units of specialized network security hardware to Geedge Networks between 2019 and early 2020, and that ADLINK components remain embedded in Geedge’s product line through the EtherFabric network packet broker. ADLINK’s export compliance process did not flag these transactions, despite the hardware being designed and marketed for deep packet inspection and firewall applications, and despite the buyer being a Chinese company operating in a sector with well-documented ties to state surveillance.
The scale of the shipment alone warrants scrutiny. Even if not all 1,708 CSA-7400 units were deployed in Kazakhstan, the volume of a single order for specialized network security appliances from a Chinese buyer should have prompted additional due diligence beyond verifying that the customer was not on an existing sanctions list. ADLINK’s reliance on customer self-disclosure to determine end use is insufficient for hardware with a narrow range of applications, most of which involve monitoring or controlling network traffic.
Taiwan’s export control framework, as described by the MOEA, is oriented around non-proliferation and references international sanctions lists. It does not appear to account for the export of surveillance-capable technology to companies that supply authoritarian governments. As lawmaker Puma Shen argued, Taiwan should establish its own entity list and develop clearer standards for when component manufacturers bear responsibility for end use, rather than relying solely on U.S. and EU lists.
The ADLINK hardware stands apart from the rest of Geedge’s supply chain precisely because it is specialized. Geedge’s software is open-source, and its current-generation servers are commodity x86 hardware that could be sourced from secondary markets. The CSA-7400 and the ADLINK components in EtherFabric cannot. This makes them a realistic target for export control measures in a way that commodity server components are not.
ADLINK has stated that it will conduct an internal audit and is willing to cooperate with research institutions and regulatory authorities. We urge the company to follow through on this commitment and to publish the results. We also call on the Taiwanese government to review whether its current export control framework is adequate for preventing the transfer of surveillance-capable technology to authoritarian states.
Annex:
Full statement by Adlink [1]:
Statement by ADLINK Technology Regarding InterSecLab’s September 2025 Report “The Internet Coup”
ADLINK Technology (hereinafter referred to as “the Company”) hereby issues the following statement:
- The Company has never participated in the design or construction of the “Great Firewall” (GFW) or any similar systems. In 2019, ADLINK Technology (China) Co., Ltd., Beijing Branch supplied standard CSA-7400 network security platform equipment to Geedge Networks (hereinafter referred to as “Geedge”) in accordance with normal commercial practices. At that time, the Company completed export control list screening, confirmed that the customer was not on any restricted list, and shipped the product following routine compliance review. Geedge Networks has never been listed on any export control list to date. The CSA-7400 product is a general-purpose telecommunications and industrial control platform, previously shipped to multiple international brand customers in Europe and the United States, and is not subject to export restrictions.
- In the aforementioned transaction, the Company only provided the general-purpose hardware platform and did not participate in any software integration, system design, policy deployment, or operational activities related to the product’s ultimate use. The customer did not disclose or indicate the final application of the product during the purchase process.
- The Company has always respected and strictly adhered to international human rights standards and maintains a comprehensive and rigorous export compliance review mechanism. For transactions involving high-risk regions or end-users, the Company implements necessary End-Use Authorization (EUA) and End-User Qualification (EUU) assessment procedures. In light of the associations suggested in the “The Internet Coup” report, the Company will initiate an internal audit to verify whether any unauthorized uses or terminal devices exist within the supply chain. The Company is willing to cooperate with relevant research institutions and regulatory authorities to clarify the facts. Should any breach of contract or unlawful use by customers be confirmed, the Company will take necessary legal action and notify the competent authorities.
- The Company values its brand reputation and social responsibility. If any risks or improper uses are identified within the supply chain, the Company will promptly take appropriate and transparent actions in accordance with internal governance procedures. Furthermore, the Company will continue to strengthen internal audits to enhance supply chain transparency and product compliance, thereby maintaining trust among all stakeholders.
[1] This was the initial statement sent by ADLINK to InterSecLab on November 14th 2025 and it does not include the follow-up questions sent to ADLINK as well as the company’s answers.
Response from the International Trade Administration, Ministry of Economic Affairs, Taiwan
Thank you for your email in which you share your research materials. Taiwan has established the Strategic High-Tech Commodities (SHTC) export control mechanism primarily to prevent the proliferation of weapons of mass destruction. Over the years, we continue to maintain close cooperation with international allies.
Within this regulatory framework, we maintain control lists for both commodities and entities, as outlined below:
1. Controlled Commodity List: Taiwan has established control lists that reference four major international export control regimes: the Wassenaar Arrangement, the Missile Technology Control Regime, the Nuclear Suppliers Group, and the Australia Group. Taiwan has also established the List of Dual-Use Items to strengthen management regarding the exportation of high-tech commodities.
2. Controlled Entity List: Taiwan’s entity list primarily references sanctions and control lists issued by the United Nations Security Council and partner countries. An interagency review meeting is held quarterly to determine suspicious entities based on proliferation risks and other national security considerations.
As for cases in which a domestic company violates export control regulations, competent authorities may impose administrative fines of up to NTD 3 million, suspend export/import privileges for up to one year, or, in serious cases, revoke the company’s import-export registration.
Due to legal constraints, the Ministry is unable to disclose confidential information regarding individual companies. If your organization has specific and verifiable evidence relevant to this case, we welcome you to share such information with us for further examination.
Best regards,
International Trade Administration,
Ministry of Economic Affairs