 "In this pool photograph distributed by the Russian state agency Sputnik, Russia's President Vladimir Putin and China's President Xi Jinping attend a concert marking the 75th anniversary of the establishment of diplomatic relations between Russia and China and opening of China-Russia Years of Culture at the National Centre for the Performing Arts in Beijing on May 16, 2024. (Photo via AFP)")
China-backed groups have intensified hacking attempts on Russian companies and government agencies since the beginning of the war in Ukraine, the New York Times has reported, citing ‘cyberanalysts’. This cyber warfare has persisted despite both leaders, Russia’s Vladimir Putin and China’s Xi Jinping, publicly hailing their ‘no limits’ ties.
Just last year, TeamT5, a Taiwan-based cybersecurity research firm, established that one of China-backed groups was behind a cyberattack on a major Russian engineering firm in the hunt for information on nuclear submarines.
Experts believe that while China is far wealthier than Russia, it feels its armed forces lack battlefield experience. Now, it might be hoping to plug some holes using Russia’s experience in the Ukraine war.
“China likely seeks to gather intelligence on Russia’s activities, including on its military operation in Ukraine, defence developments and other geopolitical manoeuvres,” the Times quoted TeamT5’s Che Chang as saying.
‘Leaked’ Russian document dubs China as an ‘enemy’
The Times cites a classified counterintelligence document from Russia’s domestic security agency, known as the FSB, to throw light on how the Russia-China partnership is plagued with deep mistrust.
The document refers to China as an ‘ enemy ’ and says that Beijing was actively looking for defence expertise and technology and is trying to learn from Russia’s military experience in Ukraine.
Notably, Russia has never acknowledged these concerns in public.
‘Rostec targeted’
The Times report says that even Rostec, which is Russia’s state-owned powerful defence conglomerate, was targeted by one of China’s state-backed group to seek information on satellite communications, radar and electronic warfare. Citing Palo Alto Networks, the paper notes that some groups use malicious files, intended to exploit vulnerabilities in Microsoft Word, to penetrate Russian aviation industry targets.
In 2023, Positive Technologies, a Russian cybersecurity company, reported that multiple Russian entities, including those in the aerospace, private security, and defence sectors, were targeted by cyberattacks. The attacks utilised Deed RAT, a tool commonly associated with Chinese state-sponsored hackers.
Impact Shorts
More ShortsAccording to cybersecurity experts, Deed RAT is a “proprietary” malware, exclusive to these groups and not available for purchase on the dark web, unlike other malicious tools.
Notably, the reports of China-backed cyberattacks on Russian companies had emerged before the Ukraine war too. For example, Beijing hackers carried out a cyberattack on Russian submarine designers in 2021.