
China unleashes hackers against its friend Russia, seeking war secrets
China is far wealthier than Russia and has plenty of homegrown scientific and military expertise, but Chinese military experts often lament that Chinese troops lack battlefield experience. Experts say that China sees the war in Ukraine as a chance to collect information about modern warfare tactics, Western weaponry, and what works against them.
'China likely seeks to gather intelligence on Russia's activities, including on its military operation in Ukraine, defense developments, and other geopolitical maneuvers,' said Che Chang, a researcher with TeamT5.
It is unclear how successful these attempts have been, partly because Russian officials have never publicly acknowledged these intrusions. But a classified counterintelligence document from Russia's domestic security agency, known as the FSB, makes clear that intelligence officials are concerned. The document, obtained by The New York Times, says that China is seeking Russian defense expertise and technology and is trying to learn from Russia's military experience in Ukraine. The document refers to China as an 'enemy.'
With Putin largely cut off from the West, his country has come to rely on China to buy its oil and sell it technology that is essential to its war effort. Moscow and Beijing have formed a bloc against Washington and its allies, alarming Western leaders. The FSB document presents a more complicated relationship than the 'no-limits' partnership that Xi and Putin describe.
Allies have been known to spy on one another, but the extent of China's hacking activities against Russia suggests both a higher level of mutual distrust and a reluctance by the Kremlin to share all that it is learning on the battlefield in Ukraine.
Drone warfare and software are of particular interest to China, the document says.
'The war in Ukraine fundamentally shifted intelligence priorities for both countries,' said Itay Cohen, a senior researcher with cybersecurity firm Palo Alto Networks who has followed Chinese hacking groups for years. Experts say, and the document indicates, that China wants to learn from Russia's war experience to bolster its own preparedness for potential future conflicts. Taiwan, in particular, is a major potential flashpoint with the West.
One Chinese government-funded group has targeted Rostec, the powerful Russian state-owned defense conglomerate, seeking information on satellite communications, radar and electronic warfare, according to Palo Alto Networks. Others have used malicious files, intended to exploit vulnerabilities in Microsoft Word, to penetrate Russian aviation industry targets and state bodies.
Messages seeking comment were left with the Kremlin and the Chinese Embassy in Moscow.
Not all Chinese hacking groups operate at the behest of the government. But security experts have seen evidence of government ties.
Russian cybersecurity firm Positive Technologies, for example, said in 2023 that cyberattacks had been mounted on several Russian targets, including in the aerospace, private security, and defense sectors. The attackers used a tool known as Deed RAT, which is widely deployed by Chinese state-sponsored hackers. Cybersecurity experts say Deed RAT is considered 'proprietary' among these groups and is not available for purchase on the dark web like other malware tools.
That has enabled state-backed hacking groups in China to use it more widely because it is tough for their adversaries to find a way to combat the malware.
Chinese state-sponsored hacking groups have often targeted international companies and government institutions, including in the United States and Europe. But hacking groups appear to have become more interested in Russian targets after the country's February 2022 invasion of Ukraine.
Chang said he and his colleagues tracked several Chinese hacking groups targeting Russia. Among them was one of the country's most active hacking groups, known as Mustang Panda.
Little is known about Mustang Panda's origins or where it operates inside China, according to researchers who have studied the group. Its activities often accompanied China's Belt and Road economic development initiative, according to Rafe Pilling, director of threat intelligence at security firm Sophos. As China invested in development projects in West Africa and Southeast Asia, he said, hacking soon followed.
That is most likely because China invests in countries where it has political and economic interests, which motivates state-sponsored hackers, Pilling said.
After Russia invaded Ukraine, TeamT5 said that Mustang Panda expanded its scope to target governmental organizations in Russia and the European Union.
Pilling, who has been monitoring Mustang Panda's activities for several years, says he suspects that the group is backed by China's Ministry of State Security, its main intelligence body. The ministry supports threat groups that attack targets around the world, he said. In 2022, Mustang Panda targeted Russian military officials and border guard units near the Siberian border with China.
'The targeting we've observed tends to be political and military intelligence-gathering,' Pilling said. That is true of all Chinese hacking groups targeting Russia, he said. 'I think of them as being one of the main tools that the Chinese state has for gathering political and economic intelligence.'
Mustang Panda has also attracted the attention of US authorities. In January, the Justice Department and the FBI said that Mustang Panda's malware had infected thousands of computer systems, seeking to steal information. Many of the targets were American, but the malware was also found on computers belonging to Chinese dissidents and European and Asian governments, according to a federal indictment.
The indictment makes clear that the United States believes that Mustang Panda is a state-sponsored group.
Other Chinese groups have targeted Russia, too. Chang said his team was following another threat group, Slime19, that is continuously targeting the Russian government, energy, and defense sectors.
In agreements in 2009 and 2015, China and Russia promised not to carry out cyberattacks targeting each other. But even at the time, analysts suggested that the announcement was largely symbolic.
Chinese hacking in Russia did not begin with the war in Ukraine. A 2021 cyberattack, for example, targeted Russian submarine designers. But experts say the war prompted a spike in computer intrusions.
'The activity — we saw it immediately in the months following Russia's full-scale invasion of Ukraine,' Cohen said. 'Even though the public narrative was of close ties between Russia and China.'
This article originally appeared in
