Chinese hackers attempted stealing Russian defence data: Report

May 20, 2022

Beijing [China], May 20: Chinese hackers reportedly sent emails with malware links to scientists and engineers at several of Russia's military research and development institutes on March 23, purportedly in order to obtain critical data on the country's security systems.
The emails, which were supposedly sent by Russia's Ministry of Health and contained seemingly tantalizing information about a "list of persons under U.S. sanctions for invading Ukraine," were actually sent by state-sponsored hackers in China seeking to entice their Russian targets to download and open a document with malware, the New York Times reported, citing a report by Israeli-American cybersecurity firm Check Point.
Check Point's research showed that despite the countries' deepening ties, China appeared to view Russia as a legitimate target for the theft of sensitive military technological information, the report said.
The report provides new evidence of Chinese efforts to spy on Russia, pointing to the complexity of the relations between the two countries that have drawn closer in solidarity against the US.
It also underscores the sprawling, and increasingly sophisticated, tactics China's cyber spies have used to collect information on an ever-expanding array of targets, including countries it considers friends, like Russia, the New York Times reported.
The Chinese espionage operation began as early as July 2021, before Russia invaded Ukraine, the Check Point report said. The March emails revealed that China's hackers had quickly exploited narratives about the war in Ukraine for their purposes.
"This is a very sophisticated attack," Itay Cohen, the head of cyber research at Check Point, was quoted as saying. He added that it demonstrated capabilities "usually reserved for state-backed intelligence services." The hackers used methods and codes similar to those used in previous attacks attributed to hacking groups affiliated with the Chinese state, he said.
The Chinese campaign targeted Russian institutes that research airborne satellite communications, radar and electronic warfare, Check Point said in its report.
Under China's authoritarian leader, Xi Jinping, Beijing has refined its approach to cyberspying, transforming over the past decade into a far more sophisticated actor, the New York Times said.
The campaign targeting Russian defence research institutes "might serve as more evidence of the use of espionage in a systematic and long-term effort to achieve Chinese strategic objectives in technological superiority and military power," Check Point's report said.
In late March, Chinese hackers began going after Ukrainian organizations, according to security researchers and an announcement from Ukraine's cybersecurity agency, the report said.
A hacking team known as Scarab sent a document to Ukrainian organizations that offered instructions on how to film evidence of Russian war crimes but also contained malware that could extract information from infected computer systems, the New York Times reported, citing researchers at the security firm SentinelOne.
Also in March, another hacking team affiliated with China, which security researchers have called Mustang Panda, created documents that purported to be European Union reports on conditions at the borders of Ukraine and Belarus, and emailed them to potential targets in Europe.
"One thing remains consistent across all these campaigns -- Mustang Panda is clearly looking to conduct espionage campaigns," Cisco Talos researchers were quoted as saying in a report this month about that group's activity.
The Rostec institutes that have been the target of the recent cyber-attacks are mainly engaged in the development of airborne radar, and in the development of devices that can, among other things, disrupt the radar and identification systems used by an enemy, the New York Times report said.
Rostec Corporation was founded by President Vladimir Putin of Russia in 2007 and has become one of Russia's largest military corporations, controlling hundreds of research and manufacturing facilities for high-end defence technology, electronic warfare tools and aircraft engines.