Since the beginning of the war in Ukraine, groups linked to the Chinese government have repeatedly hacked Russian companies and government agencies in an apparent search for military secrets, according to cyberanalysts.
The intrusions started accelerating in May 2022, just months after Moscow’s full-scale invasion. And they have continued steadily, with Chinese groups worming into Russian systems even as President Vladimir V. Putin of Russia and President Xi Jinping of China publicly professed a momentous era of collaboration and friendship.
The hacking campaign shows that, despite this partnership and years of promises not to hack each other, China sees Russia as a vulnerable target. In 2023, one group, known as Sanyo, impersonated the email addresses of a major Russian engineering firm in the hunt for information on nuclear submarines, according to TeamT5, a Taiwan-based cybersecurity research firm that discovered the attack last year and linked it to the Chinese government.
China is far wealthier than Russia and has plenty of homegrown scientific and military expertise, but Chinese military experts often lament that Chinese troops lack battlefield experience. Experts say that China sees the war in Ukraine as a chance to collect information about modern warfare tactics, Western weaponry and what works against them.
“China likely seeks to gather intelligence on Russia’s activities, including on its military operation in Ukraine, defense developments and other geopolitical maneuvers,” said Che Chang, a researcher with TeamT5.
It is unclear how successful these attempts have been, partly because Russian officials have never publicly acknowledged these intrusions. But a classified counterintelligence document from Russia’s domestic security agency, known as the F.S.B., makes clear that intelligence officials are concerned. The document, obtained by The New York Times, says that China is seeking Russian defense expertise and technology and is trying to learn from Russia’s military experience in Ukraine. The document refers to China as an “enemy.”
With Mr. Putin largely cut off from the West, his country has come to rely on China to buy its oil and sell it technology that is essential to its war effort. Moscow and Beijing have formed a bloc against Washington and its allies, alarming Western leaders. The F.S.B. document presents a more complicated relationship than the “no-limits” partnership that Mr. Xi and Mr. Putin describe.
Allies have been known to spy on one another, but the extent of China’s hacking activities against Russia suggests both a higher level of mutual distrust and a reluctance by the Kremlin to share all that it is learning on the battlefield in Ukraine.
Drone warfare and software are of particular interest to China, the document says.
“The war in Ukraine fundamentally shifted intelligence priorities for both countries,” said Itay Cohen, a senior researcher with the cybersecurity firm Palo Alto Networks who has followed Chinese hacking groups for years. Experts say, and the document indicates, that China wants to learn from Russia’s war experience to bolster its own preparedness for potential future conflicts. Taiwan, in particular, is a major potential flashpoint with the West.
One Chinese government-funded group has targeted Rostec, the powerful Russian state-owned defense conglomerate, seeking information on satellite communications, radar and electronic warfare, according to Palo Alto Networks. Others have used malicious files, intended to exploit vulnerabilities in Microsoft Word, to penetrate Russian aviation industry targets and state bodies.
Messages seeking comment were left with the Kremlin and the Chinese Embassy in Moscow.
Not all Chinese hacking groups operate at the behest of the government. But security experts have seen evidence of government ties.
The Russian cybersecurity firm Positive Technologies, for example, said in 2023 that cyberattacks had been mounted on several Russian targets, including in the aerospace, private security and defense sectors. The attackers used a tool known as Deed RAT, which is widely deployed by Chinese state-sponsored hackers. Cybersecurity experts say Deed RAT is considered “proprietary” among these groups, and is not available for purchase on the dark web like other malware tools.
Source: New York Times, Times of India
Bd-pratidin English/Lutful Hoque
