Updated May 21st, 2022 at 11:46 IST

Chinese hackers tried to steal key security data from Russian military institutes: Report

Chinese hackers sent emails with malware links to scientists and engineers at Russian military research and development institutes in March, according to a report.

Reported by: Aanchal Nigam
Image: Shutterstock/AP

Chinese hackers sent emails with malware links to scientists and engineers at several Russian military research and development institutes on March 23, purportedly to obtain critical defence data on the country’s security systems, The New York Times reported. The emails appeared to have been sent by Russia’s Ministry of Health and contained seemingly tantalizing information about a “list of persons under U.S. sanctions for invading Ukraine”. However, they were reportedly sent by state-sponsored hackers in China who were seeking to entice their targets in Russia to download and open a document containing malware.

NYT reported the activities of the Chinese state-sponsored hackers, citing a report by Israeli-American cybersecurity firm Check Point. According to the report, Check Point’s research revealed that despite the deepening ties between Russia and China, Beijing appeared to view Moscow as a legitimate target for the theft of sensitive military technological information. The report provides fresh evidence of Chinese efforts to spy on a so-called ally, Russia. This further indicates the complexity of the ties between the two nations, which have grown closer in solidarity against the US and the West.

It has also highlighted the increasingly sophisticated tactics that Chinese cyber spies have used to collect information on a range of targets, including countries such as Russia that China considers allies. Check Point noted that the Chinese espionage actually began in July 2021, months before Russia announced its “special” operation in Ukraine, which developed into a wide-ranging armed conflict. The emails sent in March this year revealed that the Chinese hackers had rapidly exploited narratives about the Moscow-Kyiv war for their own purposes.

The head of cyber research at Check Point, Itay Cohen, was quoted as saying “this is a very sophisticated attack”, adding that it demonstrated capabilities “usually reserved for state-backed intelligence services”. He noted that the hackers, linked to China, used methods and code similar to those used in previous attacks attributed to hacking groups affiliated with Beijing.

In Russia, the Chinese campaign mainly targeted institutes that research airborne satellite communications, radar and electronic warfare. NYT stated that under the leadership of Chinese President Xi Jinping, Beijing has revamped its approach to cyberspying, transforming over the past ten years into a far more sophisticated actor.

The Chinese hackers targeting Russia’s defence research institutes “might serve as more evidence of the use of espionage in a systematic and long-term effort to achieve Chinese strategic objectives in technological superiority and military power,” Check Point’s report said.

Chinese hackers previously targeted Ukrainian organisations

Earlier in March, Chinese hackers were reported to be going after Ukrainian organisations, according to security researchers and an announcement from Ukraine’s cybersecurity agency, the report also stated. A hacking team known as Scarab reportedly sent Ukrainian organisations a document that offered instructions on how to film evidence of Russian war crimes.

However, it also contained malware that could extract information from infected computer systems, NYT reported, citing researchers at the security firm SentinelOne. Separately, also in March, another hacking team affiliated with China, which researchers have named Mustang Panda, created documents that purported to be European Union (EU) reports on conditions at the borders of Ukraine and Belarus and emailed them to potential targets in Europe.

"One thing remains consistent across all these campaigns -- Mustang Panda is clearly looking to conduct espionage campaigns," Cisco Talos researchers were quoted as saying in a report this month about that group's activity. NYT also said that the Rostec institutes, which have been the target of the recent cyber-attacks, are mainly engaged in the development of airborne radar and of devices that can disrupt the radar and identification systems used by an enemy, among other things. Rostec Corporation was founded by Russian President Vladimir Putin in 2007 and is also the country’s largest military corporation.


Published May 21st, 2022 at 11:39 IST