
China-Russia trust erodes as Beijing's hackers go rogue, launch cyberattacks to steal Ukraine war secrets
China hackers targeting Russia have raised serious concerns as multiple cyberattacks linked to Chinese state-sponsored groups have reportedly breached Russian military and defense systems since the Ukraine war began. Despite public declarations of friendship between Moscow and Beijing, cyber analysts say the Chinese government has been actively spying on Russian technologies, including nuclear submarines, drone systems, and battlefield tactics. The breach highlights a growing undercurrent of distrust and strategic intelligence gathering even among so-called allies.
Cyber groups tied to Beijing—like APT27 and APT31—are believed to be behind these stealthy operations, using phishing emails and malware to infiltrate sensitive Russian networks.
Why are China hackers targeting Russia amid growing friendship?
Despite a publicly strong relationship between China and Russia, cybersecurity experts say China hackers have been quietly breaching Russian systems since May 2022 — just months after Russia launched its full-scale invasion of Ukraine. These hacking attempts have continued steadily, with Chinese-linked groups digging into Russia's defense and military data.
According to cybersecurity researchers from TeamT5, one group named Sanyo impersonated a Russian engineering firm's email to seek data on nuclear submarines. The intention behind these cyber intrusions appears to be collecting information about Russia's battlefield operations, modern warfare tactics, and Western weapon technologies seen in Ukraine.
Che Chang, a TeamT5 researcher, stated, 'China likely seeks to gather intelligence on Russia's military operations, defense progress, and geopolitical strategies.' This information could help China boost its own military readiness for future conflicts — particularly in regions like Taiwan, which remains a hotbed of geopolitical tension.
What exactly did China's hackers target in Russia?
According to cybersecurity researchers at SentinelLabs and Recorded Future, Chinese Advanced Persistent Threat (APT) groups, including APT27 (Emissary Panda) and APT31 (Zirconium), have been aggressively targeting:
Russian military contractors
Government departments involved in defense R&D
Email servers and document archives linked to Ukraine war planning
The hackers reportedly used spear-phishing campaigns, spoofing Russian Ministry of Health notices to plant malware into classified internal systems.
One malware strain, called PlugX, known for remote access and data exfiltration, was flagged in these Russian environments—previously used by China in espionage campaigns across Southeast Asia and the Middle East.
What kind of information are Chinese hackers after in Russia?
The China hackers targeting Russia campaign has been aimed at extracting sensitive military intelligence, especially battlefield-tested insights. Russian defense firms, including Rostec, were among the major targets. Cyber experts from Palo Alto Networks revealed that Chinese hacking groups have sought data on radar systems, satellite communications, drone warfare, and electronic warfare technology.
Another method used by these hackers involved Microsoft Word-based malware files, which exploited software vulnerabilities to breach aviation and defense sectors. One particularly dangerous tool spotted in these attacks was Deed RAT, malware considered 'proprietary' among Chinese state-sponsored groups. According to Russian cybersecurity firm Positive Technologies, this malware has been used to attack Russian aerospace, security, and military sectors.
Though Russian authorities have not officially acknowledged these attacks, a leaked classified document from Russia's FSB — the domestic security agency — described China as an 'enemy,' confirming internal concerns about Chinese espionage.
While China and Russia continue to cooperate publicly, including military drills and joint diplomatic efforts, cyber experts say Beijing has long pursued a "friend-but-watcher" strategy. This means China often spies on both allies and adversaries to:
Gauge battlefield conditions in Ukraine
Evaluate Russia's military capabilities and vulnerabilities
Shape its own geopolitical strategies, including Taiwan preparations
According to Recorded Future, China increased cyber-espionage targeting Russia by 87% since early 2023, focusing particularly on regions near Ukraine and Crimea.
Who are the major Chinese hacking groups involved?
Several well-known Chinese hacking groups have been identified by cybersecurity teams as being behind these operations.
Mustang Panda, one of China's most active state-backed cyber espionage groups, expanded its activities after the war in Ukraine began. TeamT5 and Sophos researchers found that Mustang Panda targeted Russian government agencies and military officials — particularly near the China-Russia Siberian border.
According to Rafe Pilling from Sophos, the group's operations often follow China's political or economic interests. 'Wherever China invests — whether West Africa, Southeast Asia, or Russia — Mustang Panda follows with targeted hacking,' said Pilling. He and U.S. intelligence sources believe Mustang Panda operates under the Chinese Ministry of State Security.
The group even drew attention from American law enforcement. In January, the U.S. Justice Department indicted individuals tied to Mustang Panda for infecting thousands of systems worldwide, including government networks and devices used by Chinese dissidents.
Another Chinese hacking group, Slime19, has been consistently attacking Russia's energy, government, and defense infrastructure, according to TeamT5's Chang.
Has China broken its cybersecurity pact with Russia?
In 2009 and 2015, China and Russia publicly agreed not to hack each other's systems. However, analysts have long viewed those agreements as symbolic, lacking enforcement or trust. The evidence emerging since Russia's invasion of Ukraine proves that those deals hold little practical weight.
The FSB document accessed by The New York Times shows that Russian intelligence views China's digital espionage as a serious threat. China, while outwardly cooperative with Russia in forums and bilateral trade, appears unwilling to rely on Moscow for open sharing of battlefield learnings. Instead, cyber intrusions have become the preferred route for collecting war data.
'The war in Ukraine shifted the priorities of both countries,' said Itay Cohen from Palo Alto Networks. 'Even though the public narrative was one of close ties, in reality, espionage increased.'
How is Russia reacting to these cyber intrusions?
Thus far, the Kremlin has not officially condemned China, possibly to avoid diplomatic fallout. However, anonymous Russian cybersecurity sources have told investigative outlet iStories that internal firewalls have been tightened and communications protocols are under review.
The Federal Security Service (FSB) reportedly issued an internal memo warning of 'unusual East Asian-origin threats' in mid-2024. Still, no public attribution has been made.
This silence may signal Russia's reluctance to publicly challenge China at a time when it faces intense pressure from NATO and the West.
What does this mean for future China-Russia relations?
While China remains one of Russia's most crucial trade partners — especially with the West largely isolating Moscow — the depth of China hackers targeting Russia reveals a fragile foundation beneath this alliance. The relationship, often described by Presidents Xi and Putin as a 'no-limits' partnership, is evidently full of limits when it comes to trust.
China's hunger for military intelligence, especially regarding real-time warfare experience, is pushing it to take bold steps. For China, Russia's war offers a rare, real-world military case study that it can't afford to ignore — especially with tensions rising in the Taiwan Strait.
Cyber intrusions are likely to continue, if not grow. As Russian officials stay silent and Chinese hackers grow more sophisticated, the digital battlefield between these two "allies" is already active — and evolving quickly.
FAQs:
Q1: Why are China hackers targeting Russia during the Ukraine war?
To secretly collect Russian military intelligence and battlefield data.
Q2: Who is Mustang Panda in the China hacking campaign?
Mustang Panda is a top Chinese state-backed hacking group targeting Russia.
