Chinese state-sponsored hackers target Russian military technology

The so-called “no limits” friendship between the People’s Republic of China (PRC) and Russia apparently doesn’t extend to respecting each other’s military secrets.

Chinese state-sponsored hackers recently targeted Russian researchers as part of a ruse to steal sensitive military technology, a cybersecurity firm reported in May 2022. Known as Twisted Panda, the ongoing espionage campaign likely seeks “to collect information from targets inside the high-tech Russian defense industry to support China in its technological advancement,” according to Check Point Research.

The PRC’s cyber spies struck just a month after Chinese Communist Party General Secretary Xi Jinping and Russian President Vladimir Putin declared their nations’ strategic partnership and shared vision for a new world order, according to media reports. Their February 2022 meeting in Beijing ahead of that city hosting the Winter Olympics was followed weeks later by Russia’s unprovoked invasion of Ukraine. Unlike many nations, the PRC has refused to condemn Russia’s assault and continuing atrocities or to sanction Putin’s regime.

Chinese hackers, however, used international sanctions against Moscow to lure victims at defense research institutes linked to Russian state-owned defense conglomerate Rostec Corp., according to Check Point Research. The targeted entities develop and manufacture electronic warfare systems, radar stations and other military technology.

“It comes as no surprise that Russian entities themselves became an attractive target for spear-phishing campaigns that are exploiting the sanctions imposed on Russia by Western countries,” the Israeli-U.S. firm reported. “These sanctions have put enormous pressure on the Russian economy, and specifically on organizations in multiple Russian industries.”

Malware-laced emails sent in late March 2022 to scientists and engineers at Rostec-related organizations purportedly came from Russia’s health ministry and promised details about a “list of persons under U.S. sanctions for invading Ukraine,” The New York Times newspaper reported in mid-May.

The hackers used similar manipulations earlier in their campaign against Russian entities, which dates at least to mid-2021, according to Check Point Research. “The evolution of the tools and techniques throughout this time period indicates that the actors behind the campaign are persistent in achieving their goals in a stealthy manner,” the firm reported. “In addition, the Twisted Panda campaign shows once again how quickly Chinese espionage actors adapt and adjust to world events, using the most relevant and up-to-date lures to maximize their chances of success.”

Other Chinese state-sponsored hackers and cybercriminals have sought to capitalize on the chaos of the Russia-Ukraine war. In March 2022, analysts with global tech giant Google reported that a hacking group tied to the People’s Liberation Army has “conducted campaigns against government and military organizations” in Ukraine and other nations. Ukraine’s spy agency also reported that the PRC was behind a massive cyberattack on the nation’s military and nuclear facilities in the days before Russia’s invasion in late February 2022, according to media reports.

Meanwhile, Russian hackers have launched phishing attacks on a Ukraine-based defense contractor and U.S.-based think tanks and nongovernmental organizations, Google analysts reported. One Russia-based group, COLDRIVER, targeted the militaries of multiple Eastern European countries and a NATO Centre of Excellence.

The PRC long has been accused of using covert activities against friend and foe alike to further its goal of becoming a global power. Given that track record of spying, Check Point Research reported, the Twisted Panda campaign “might serve as more evidence of the use of espionage in a systematic and long-term effort to achieve Chinese strategic objectives in technological superiority and military power.”