
Latest news with #TeamT5

Why Chinese hackers have unleashed cyberattacks on 'friend Russia' since Ukraine conflict, what 'war secrets' are behind these attacks

Time of India

21-06-2025


Cyber analysts have reportedly discovered a strange cyberwarfare trend. According to a report by The New York Times, quoting security researchers, since the beginning of the war in Ukraine, groups linked to the Chinese government have repeatedly hacked Russian companies and government agencies in an apparent search for military secrets. There has been increase in

Since Russia's invasion of Ukraine in February 2022, Chinese government-linked hackers have repeatedly targeted Russian companies and government agencies, seeking military secrets, according to the New York Times report. The cyberattacks, which intensified in May 2022, have persisted despite public declarations of a 'no-limits' partnership between Russian President Vladimir Putin and Chinese President Xi Jinping.

Chinese hacking groups 'targeting' Russian businesses

The report claims that a Chinese hacking group, Sanyo, impersonated a Russian engineering firm's email addresses in 2023 to steal data on nuclear submarines, as uncovered by Taiwan-based cybersecurity firm TeamT5, which linked the attack to Beijing. 'China likely seeks to gather intelligence on Russia's activities, including on its military operation in Ukraine, defense developments and other geopolitical maneuvers,' TeamT5 researcher Che Chang told the Times.

A classified Russian FSB document, obtained by The New York Times, reveals Moscow's concerns about China's pursuit of Russian defense technology and battlefield insights, labeling China an 'enemy.' This contrasts with the public Sino-Russian alliance, as Russia relies on China for oil markets and war-critical technology. The document highlights China's interest in drone warfare and software, noting that 'the war in Ukraine fundamentally shifted intelligence priorities for both countries,' according to Itay Cohen of Palo Alto Networks, as quoted by the Times.

What techniques Chinese hackers are said to be using against Russia

The New York Times also reports that Chinese hackers targeted Rostec, Russia's state-owned defense conglomerate, for satellite communications and radar data, using malicious Microsoft Word files to infiltrate aviation and state entities. Groups like Mustang Panda, suspected of ties to China's Ministry of State Security, have hit Russian military and border units, the Times notes, citing Rafe Pilling of Sophos. Pilling told the Times, 'The targeting we've observed tends to be political and military intelligence gathering.' Proprietary malware like Deed RAT, used by Chinese state-sponsored hackers, has been deployed against Russian aerospace and defense sectors, the report said, citing Positive Technologies. Despite 2009 and 2015 agreements barring mutual cyberattacks, the Times notes that experts view these as symbolic, with hacking spiking post-Ukraine invasion. 'The activity — we saw it immediately in the months following Russia's full-scale invasion,' Cohen told the Times, highlighting the tension beneath the public narrative of Sino-Russian unity.

China-Russia trust erodes as Beijing's hackers go rogue, launch cyberattacks to steal Ukraine war secrets

Time of India

20-06-2025


China hackers target Russia despite alliance, seeking war secrets and battlefield data

China hackers targeting Russia have raised serious concerns as multiple cyberattacks linked to Chinese state-sponsored groups have reportedly breached Russian military and defense systems since the Ukraine war began. Despite public declarations of friendship between Moscow and Beijing, cyber analysts say the Chinese government has been actively spying on Russian technologies, including nuclear submarines, drone systems, and battlefield tactics. The breach highlights a growing undercurrent of distrust and strategic intelligence gathering even among so-called allies. Cyber groups tied to Beijing—like APT27 and APT31—are believed to be behind these stealthy operations, using phishing emails and malware to infiltrate sensitive Russian networks.

Why are China hackers targeting Russia amid growing friendship?

Despite a publicly strong relationship between China and Russia, cybersecurity experts say China hackers have been quietly breaching Russian systems since May 2022 — just months after Russia launched its full-scale invasion of Ukraine. These hacking attempts have continued steadily, with Chinese-linked groups digging into Russia's defense and military data.

According to cybersecurity researchers from TeamT5, one group named Sanyo impersonated a Russian engineering firm's email to seek data on nuclear submarines. The intention behind these cyber intrusions appears to be collecting information about Russia's battlefield operations, modern warfare tactics, and Western weapon technologies seen in Ukraine. Che Chang, a TeamT5 researcher, stated, 'China likely seeks to gather intelligence on Russia's military operations, defense progress, and geopolitical strategies.' This information could help China boost its own military readiness for future conflicts — particularly in regions like Taiwan, which remains a hotbed of geopolitical tension.

What exactly did China's hackers target in Russia?

According to cybersecurity researchers at SentinelLabs and Recorded Future, Chinese Advanced Persistent Threat (APT) groups, including APT27 (Emissary Panda) and APT31 (Zirconium), have been aggressively targeting:

  • Russian military contractors
  • Government departments involved in defense R&D
  • Email servers and document archives linked to Ukraine war planning

The hackers reportedly used spear-phishing campaigns, spoofing Russian Ministry of Health notices to plant malware into classified internal systems. One malware strain, called PlugX, known for remote access and data exfiltration, was flagged in these Russian environments—previously used by China in espionage campaigns across Southeast Asia and the Middle East.

What kind of information are Chinese hackers after in Russia?

The China hackers targeting Russia campaign has been aimed at extracting sensitive military intelligence, especially battlefield-tested insights. Russian defense firms, including Rostec, were among the major targets. Cyber experts from Palo Alto Networks revealed that Chinese hacking groups have sought data on radar systems, satellite communications, drone warfare, and electronic warfare technology. Another method used by these hackers involved Microsoft Word-based malware files, which exploited software vulnerabilities to breach aviation and defense sectors. One particularly dangerous tool spotted in these attacks was Deed RAT, malware considered 'proprietary' among Chinese state-sponsored groups. According to Russian cybersecurity firm Positive Technologies, this malware has been used to attack Russian aerospace, security, and military sectors.

Though Russian authorities have not officially acknowledged these attacks, a leaked classified document from Russia's FSB — the domestic security agency — described China as an 'enemy,' confirming internal concerns about Chinese espionage. While China and Russia continue to cooperate publicly, including military drills and joint diplomatic efforts, cyber experts say Beijing has long pursued a "friend-but-watcher" strategy. This means China often spies on both allies and adversaries to:

  • Gauge battlefield conditions in Ukraine
  • Evaluate Russia's military capabilities and vulnerabilities
  • Shape its own geopolitical strategies, including Taiwan preparations

According to Recorded Future, China increased cyber-espionage targeting Russia by 87% since early 2023, focusing particularly on regions near Ukraine and Crimea.

Who are the major Chinese hacking groups involved?

Several well-known Chinese hacking groups have been identified by cybersecurity teams as being behind these operations. Mustang Panda, one of China's most active state-backed cyber espionage groups, expanded its activities after the war in Ukraine began. TeamT5 and Sophos researchers found that Mustang Panda targeted Russian government agencies and military officials — particularly near the China-Russia Siberian border. According to Rafe Pilling from Sophos, the group's operations often follow China's political or economic interests. 'Wherever China invests — whether West Africa, Southeast Asia, or Russia — Mustang Panda follows with targeted hacking,' said Pilling. He and U.S. intelligence sources believe Mustang Panda operates under the Chinese Ministry of State Security. The group even drew attention from American law enforcement. In January, the U.S. Justice Department indicted individuals tied to Mustang Panda for infecting thousands of systems worldwide, including government networks and devices used by Chinese dissidents. Another Chinese hacking group, Slime19, has been consistently attacking Russia's energy, government, and defense infrastructure, according to TeamT5's Chang.

Has China broken its cybersecurity pact with Russia?

In 2009 and 2015, China and Russia publicly agreed not to hack each other's systems. However, analysts have long viewed those agreements as symbolic, lacking enforcement or trust. The evidence emerging since Russia's invasion of Ukraine proves that those deals hold little practical weight. The FSB document accessed by The New York Times shows that Russian intelligence views China's digital espionage as a serious threat. China, while outwardly cooperative with Russia in forums and bilateral trade, appears unwilling to rely on Moscow for open sharing of battlefield learnings. Instead, cyber intrusions have become the preferred route for collecting war data. 'The war in Ukraine shifted the priorities of both countries,' said Itay Cohen from Palo Alto Networks. 'Even though the public narrative was one of close ties, in reality, espionage increased.'

How is Russia reacting to these cyber intrusions?

Thus far, the Kremlin has not officially condemned China, possibly to avoid diplomatic fallout. However, anonymous Russian cybersecurity sources have told investigative outlet iStories that internal firewalls have been tightened and communications protocols are under review. The Federal Security Service (FSB) reportedly issued an internal memo warning of 'unusual East Asian-origin threats' in mid-2024. Still, no public attribution has been made. This silence may signal Russia's reluctance to publicly challenge China at a time when it faces intense pressure from NATO and the West.

What does this mean for future China-Russia relations?

While China remains one of Russia's most crucial trade partners — especially with the West largely isolating Moscow — the depth of China hackers targeting Russia reveals a fragile foundation beneath this alliance. The relationship, often described by Presidents Xi and Putin as a 'no-limits' partnership, is evidently full of limits when it comes to trust. China's hunger for military intelligence, especially regarding real-time warfare experience, is pushing it to take bold steps. For China, Russia's war offers a rare, real-world military case study that it can't afford to ignore — especially with tensions rising in the Taiwan Strait. Cyber intrusions are likely to continue, if not grow. As Russian officials stay silent and Chinese hackers grow more sophisticated, the digital battlefield between these two "allies" is already active — and evolving quickly.

FAQs:

Q1: Why are China hackers targeting Russia during the Ukraine war?
To secretly collect Russian military intelligence and battlefield data.

Q2: Who is Mustang Panda in the China hacking campaign?
Mustang Panda is a top Chinese state-backed hacking group targeting Russia.

No limits, no trust: China mounts secret cyberwar on Russia, says report

First Post

20-06-2025


Experts believe that while China is far wealthier than Russia, it feels its armed forces lack battlefield experience. Now, Beijing is likely seeking intelligence on Russia's activities in Ukraine

In this pool photograph distributed by the Russian state agency Sputnik, Russia's President Vladimir Putin and China's President Xi Jinping attend a concert marking the 75th anniversary of the establishment of diplomatic relations between Russia and China and opening of China-Russia Years of Culture at the National Centre for the Performing Arts in Beijing on May 16, 2024. (Photo via AFP)

China-backed groups have intensified hacking attempts on Russian companies and government agencies since the beginning of the war in Ukraine, the New York Times has reported, citing 'cyberanalysts'. This cyber warfare has persisted despite both leaders, Russia's Vladimir Putin and China's Xi Jinping, publicly hailing their 'no limits' ties. Just last year, TeamT5, a Taiwan-based cybersecurity research firm, established that one of the China-backed groups was behind a cyberattack on a major Russian engineering firm in the hunt for information on nuclear submarines.

Experts believe that while China is far wealthier than Russia, it feels its armed forces lack battlefield experience. Now, it might be hoping to plug some holes using Russia's experience in the Ukraine war. 'China likely seeks to gather intelligence on Russia's activities, including on its military operation in Ukraine, defence developments and other geopolitical manoeuvres,' the Times quoted TeamT5's Che Chang as saying.

'Leaked' Russian document dubs China as an 'enemy'

The Times cites a classified counterintelligence document from Russia's domestic security agency, known as the FSB, to throw light on how the Russia-China partnership is plagued with deep mistrust. The document refers to China as an 'enemy' and says that Beijing was actively looking for defence expertise and technology and is trying to learn from Russia's military experience in Ukraine. Notably, Russia has never acknowledged these concerns in public.

'Rostec targeted'

The Times report says that even Rostec, Russia's powerful state-owned defence conglomerate, was targeted by one of China's state-backed groups to seek information on satellite communications, radar and electronic warfare. Citing Palo Alto Networks, the paper notes that some groups use malicious files, intended to exploit vulnerabilities in Microsoft Word, to penetrate Russian aviation industry targets. In 2023, Positive Technologies, a Russian cybersecurity company, reported that multiple Russian entities, including those in the aerospace, private security, and defence sectors, were targeted by cyberattacks. The attacks utilised Deed RAT, a tool commonly associated with Chinese state-sponsored hackers. According to cybersecurity experts, Deed RAT is a 'proprietary' malware, exclusive to these groups and not available for purchase on the dark web, unlike other malicious tools. Notably, the reports of China-backed cyberattacks on Russian companies had emerged before the Ukraine war too. For example, Beijing hackers carried out a cyberattack on Russian submarine designers in 2021.

China unleashes hackers against its friend Russia, seeking war secrets

Boston Globe

20-06-2025


China is far wealthier than Russia and has plenty of homegrown scientific and military expertise, but Chinese military experts often lament that Chinese troops lack battlefield experience. Experts say that China sees the war in Ukraine as a chance to collect information about modern warfare tactics, Western weaponry, and what works against them. 'China likely seeks to gather intelligence on Russia's activities, including on its military operation in Ukraine, defense developments, and other geopolitical maneuvers,' said Che Chang, a researcher with TeamT5. It is unclear how successful these attempts have been, partly because Russian officials have never publicly acknowledged these intrusions. But a classified counterintelligence document from Russia's domestic security agency, known as the FSB, makes clear that intelligence officials are concerned. The document, obtained by The New York Times, says that China is seeking Russian defense expertise and technology and is trying to learn from Russia's military experience in Ukraine. The document refers to China as an 'enemy.' With Putin largely cut off from the West, his country has come to rely on China to buy its oil and sell it technology that is essential to its war effort. Moscow and Beijing have formed a bloc against Washington and its allies, alarming Western leaders. The FSB document presents a more complicated relationship than the 'no-limits' partnership that Xi and Putin describe. Allies have been known to spy on one another, but the extent of China's hacking activities against Russia suggests both a higher level of mutual distrust and a reluctance by the Kremlin to share all that it is learning on the battlefield in Ukraine. Drone warfare and software are of particular interest to China, the document says.
'The war in Ukraine fundamentally shifted intelligence priorities for both countries,' said Itay Cohen, a senior researcher with cybersecurity firm Palo Alto Networks who has followed Chinese hacking groups for years. Experts say, and the document indicates, that China wants to learn from Russia's war experience to bolster its own preparedness for potential future conflicts. Taiwan, in particular, is a major potential flashpoint with the West. One Chinese government-funded group has targeted Rostec, the powerful Russian state-owned defense conglomerate, seeking information on satellite communications, radar and electronic warfare, according to Palo Alto Networks. Others have used malicious files, intended to exploit vulnerabilities in Microsoft Word, to penetrate Russian aviation industry targets and state bodies. Messages seeking comment were left with the Kremlin and the Chinese Embassy in Moscow. Not all Chinese hacking groups operate at the behest of the government. But security experts have seen evidence of government ties. Russian cybersecurity firm Positive Technologies, for example, said in 2023 that cyberattacks had been mounted on several Russian targets, including in the aerospace, private security, and defense sectors. The attackers used a tool known as Deed RAT, which is widely deployed by Chinese state-sponsored hackers. Cybersecurity experts say Deed RAT is considered 'proprietary' among these groups and is not available for purchase on the dark web like other malware tools. That has enabled state-backed hacking groups in China to use it more widely because it is tough for their adversaries to find a way to combat the malware. Chinese state-sponsored hacking groups have often targeted international companies and government institutions, including in the United States and Europe. But hacking groups appear to have become more interested in Russian targets after the country's February 2022 invasion of Ukraine.
Chang said he and his colleagues tracked several Chinese hacking groups targeting Russia. Among them was one of the country's most active hacking groups, known as Mustang Panda. Little is known about Mustang Panda's origins or where it operates inside China, according to researchers who have studied the group. Its activities often accompanied China's Belt and Road economic development initiative, according to Rafe Pilling, director of threat intelligence at security firm Sophos. As China invested in development projects in West Africa and Southeast Asia, he said, hacking soon followed. That is most likely because China invests in countries where it has political and economic interests, which motivates state-sponsored hackers, Pilling said. After Russia invaded Ukraine, TeamT5 said that Mustang Panda expanded its scope to target governmental organizations in Russia and the European Union. Pilling, who has been monitoring Mustang Panda's activities for several years, says he suspects that the group is backed by China's Ministry of State Security, its main intelligence body. The ministry supports threat groups that attack targets around the world, he said. In 2022, Mustang Panda targeted Russian military officials and border guard units near the Siberian border with China. 'The targeting we've observed tends to be political and military intelligence-gathering,' Pilling said. That is true of all Chinese hacking groups targeting Russia, he said. 'I think of them as being one of the main tools that the Chinese state has for gathering political and economic intelligence.' Mustang Panda has also attracted the attention of US authorities. In January, the Justice Department and the FBI said that Mustang Panda's malware had infected thousands of computer systems, seeking to steal information.
Many of the targets were American, but the malware was also found on computers belonging to Chinese dissidents and European and Asian governments, according to a federal indictment. The indictment makes clear that the United States believes that Mustang Panda is a state-sponsored group. Other Chinese groups have targeted Russia, too. Chang said his team was following another threat group, Slime19, that is continuously targeting the Russian government, energy, and defense sectors. In agreements in 2009 and 2015, China and Russia promised not to carry out cyberattacks targeting each other. But even at the time, analysts suggested that the announcement was largely symbolic. Chinese hacking in Russia did not begin with the war in Ukraine. A 2021 cyberattack, for example, targeted Russian submarine designers. But experts say the war prompted a spike in computer intrusions. 'The activity — we saw it immediately in the months following Russia's full-scale invasion of Ukraine,' Cohen said. 'Even though the public narrative was of close ties between Russia and China.' This article originally appeared in

China unleashes hackers against its friend Russia, seeking war secrets

Straits Times

19-06-2025


The hacking campaign shows that, despite this partnership and years of promises not to hack each other, China sees Russia as a vulnerable target. PHOTO: REUTERS

Since the beginning of the war in Ukraine, groups linked to the Chinese government have repeatedly hacked Russian companies and government agencies in an apparent search for military secrets, according to cyber analysts. The intrusions started accelerating in May 2022, just months after Moscow's full-scale invasion. And they have continued steadily, with Chinese groups worming into Russian systems even as President Vladimir Putin of Russia and President Xi Jinping of China publicly professed a momentous era of collaboration and friendship. The hacking campaign shows that, despite this partnership and years of promises not to hack each other, China sees Russia as a vulnerable target. In 2023, one group, known as Sanyo, impersonated the e-mail addresses of a major Russian engineering firm in the hunt for information on nuclear submarines, according to TeamT5, a Taiwan-based cybersecurity research firm that discovered the attack in 2024 and linked it to the Chinese government. China is far wealthier than Russia and has plenty of homegrown scientific and military expertise, but Chinese military experts often lament that Chinese troops lack battlefield experience. Experts say that China sees the war in Ukraine as a chance to collect information about modern warfare tactics, Western weaponry and what works against them. 'China likely seeks to gather intelligence on Russia's activities, including on its military operation in Ukraine, defense developments and other geopolitical maneuvers,' said Mr Che Chang, a researcher with TeamT5. It is unclear how successful these attempts have been, partly because Russian officials have never publicly acknowledged these intrusions.
But a classified counterintelligence document from Russia's domestic security agency, known as the FSB, makes clear that intelligence officials are concerned. The document, obtained by The New York Times, says that China is seeking Russian defence expertise and technology and is trying to learn from Russia's military experience in Ukraine. The document refers to China as an 'enemy'. With Mr Putin largely cut off from the West, his country has come to rely on China to buy its oil and sell it technology that is essential to its war effort. Moscow and Beijing have formed a bloc against Washington and its allies, alarming Western leaders. The FSB document presents a more complicated relationship than the 'no-limits' partnership that Mr Xi and Mr Putin describe. Allies have been known to spy on one another, but the extent of China's hacking activities against Russia suggests both a higher level of mutual distrust and a reluctance by the Kremlin to share all that it is learning on the battlefield in Ukraine. Drone warfare and software are of particular interest to China, the document says. 'The war in Ukraine fundamentally shifted intelligence priorities for both countries,' said Mr Itay Cohen, a senior researcher with cybersecurity firm Palo Alto Networks who has followed Chinese hacking groups for years. Experts say, and the document indicates, that China wants to learn from Russia's war experience to bolster its own preparedness for potential future conflicts. Taiwan, in particular, is a major potential flashpoint with the West. One Chinese government-funded group has targeted Rostec, the powerful Russian state-owned defense conglomerate, seeking information on satellite communications, radar and electronic warfare, according to Palo Alto Networks. Others have used malicious files, intended to exploit vulnerabilities in Microsoft Word, to penetrate Russian aviation industry targets and state bodies. 
Messages seeking comment were left with the Kremlin and the Chinese Embassy in Moscow. Not all Chinese hacking groups operate at the behest of the government. But security experts have seen evidence of government ties. Russian cybersecurity firm Positive Technologies, for example, said in 2023 that cyberattacks had been mounted on several Russian targets, including in the aerospace, private security and defense sectors. The attackers used a tool known as Deed RAT, which is widely deployed by Chinese state-sponsored hackers. Cybersecurity experts say Deed RAT is considered 'proprietary' among these groups and is not available for purchase on the dark web like other malware tools. That has enabled state-backed hacking groups in China to use it more widely because it is tough for their adversaries to find a way to combat the malware. Chinese state-sponsored hacking groups have often targeted international companies and government institutions, including in the United States and Europe. But hacking groups appear to have become more interested in Russian targets after the country's February 2022 invasion of Ukraine. Mr Chang said he and his colleagues tracked several Chinese hacking groups targeting Russia. Among them was one of the country's most active hacking groups, known as Mustang Panda. Little is known about Mustang Panda's origins or where it operates inside China, according to researchers who have studied the group. Its activities often accompanied China's Belt and Road economic development initiative, according to Mr Rafe Pilling, director of threat intelligence at security firm Sophos. As China invested in development projects in West Africa and Southeast Asia, he said, hacking soon followed. That is most likely because China invests in countries where it has political and economic interests, which motivates state-sponsored hackers, Mr Pilling said. 
After Russia invaded Ukraine, TeamT5 said that Mustang Panda expanded its scope to target governmental organizations in Russia and the European Union. Mr Pilling, who has been monitoring Mustang Panda's activities for several years, says he suspects that the group is backed by China's Ministry of State Security, its main intelligence body. The ministry supports threat groups that attack targets around the world, he said. In 2022, Mustang Panda targeted Russian military officials and border guard units near the Siberian border with China. 'The targeting we've observed tends to be political and military intelligence-gathering,' Mr Pilling said. That is true of all Chinese hacking groups targeting Russia, he said. 'I think of them as being one of the main tools that the Chinese state has for gathering political and economic intelligence.' NYTIMES
