Chinese hackers targeted Russian govt websites to steal 'confidential data': Report
Jun 11, 2021
Moscow [Russia], June 12 : Hackers from China used unique malicious software to hack websites of Russian government agencies for the purpose of stealing confidential government data, according to a report.
The report was released by US company SentinelOne. It is based on a report released last month by the Federal Security Service (FSB), one of Russia's main spy agencies, and the cyber unit of telecom firm Rostelecom.
The report noted how a hacker group called ThunderCats (associated with China) hacked the websites of Russian government agencies.
Experts from the US company SentinelOne said that malicious code used in breaches into the Russian federal executives is similar to hacking tools associated with a broad set of suspected Chinese spies that have also targeted Asian governments in recent years, reported Cyberscoop, a leading media brand in cybersecurity.
Experts have come to the conclusion that hackers from China have developed a unique malicious software (malware) called Mail-O - in fact, a downloader program that outwardly resembles a legitimate utility from Mail.ru Group Disk-O. According to experts, the cyber villains acted in the interests of a foreign state (which one is not specified, but a hint of the Celestial Empire).
These attacks on Russia are called "unprecedented" in the report.
"After penetrating the local network, attackers traditionally carried out measures aimed at completely compromising the infrastructure and stealing confidential government data," the report said,
In the FSB report, experts noted that earlier Russian government agencies had been targeted by "cyber mercenaries pursuing the interests of the foreign state".
The current cyberattack is unique and is assessed by experts as a threat on a federal scale. Those who did it used the latest software.
The level of secrecy of the criminals was on the verge of fantasy: as experts explain, it was achieved thanks to undetectable malware, legitimate utilities, and an understanding of the internal logic of the information security tools used by the authorities.
In addition, criminals used several types of attacks simultaneously: phishing, exploitation of web vulnerabilities, and attacks through contractors. And, finally, the infrastructure of Russian resources (Yandex and Mail.ru Group clouds) was used against Russia.
Obviously, to do this, hackers were involved at the highest level - the fifth. This suggests the conclusion that we are talking about a lot of money, which is not a private person or a group of individuals, but the state.
Citing a report by cybersecurity firm "Recorded Future", news service The CyberWire said that this purchase came under scanner because Beijing has already banned the use of foreign antivirus products, citing security risks.
SentinelOne's findings point to a reality that is often overlooked in US-centric cybersecurity discussions: that the Russian and Chinese governments conduct plenty of cyber espionage against each other.
Last year, for example, US officials publicly exposed a suspected Chinese hacking campaign that targeted entities in Russia and other former Soviet republics.
"The idea of Chinese targeting of Russian government [and vice versa] should not shock us," researcher Juan Andres Guerrero-Saade said in an email.
Sino-Russian relations are complex and involve hot button issues like a shared border, diplomatic and economic interests. "Andrei Soldatov, a Russian journalist who wrote a book on the rise of the FSB after the fall of the Soviet Union, said the FSB report appeared to be an effort to portray Russian organisations as facing the same threats as other organisations.
"It is like, we all face the same enemy, let's fight it together,'' Soldatov adding that "and for that, come to us, the FSB, and maQke us respectful."