The emails landed on March 23 in the inboxes of scientists and engineers at several of Russia’s military research and development institutes, purportedly sent by Russia’s Ministry of Health. They carried a subject line that offered seemingly tantalizing information about a “list of persons under U.S. sanctions for invading Ukraine.”
But the emails were actually sent by state-sponsored hackers in China seeking to entice their Russian targets to download and open a document with malware, according to a new report to be released Thursday by the Israeli-American cybersecurity firm Check Point.
The report provides new evidence of Chinese efforts to spy on Russia, pointing to the complexity of the relations between two countries that have drawn closer in solidarity against the United States. It also underscores the sprawling, and increasingly sophisticated, tactics China’s cyberspies have used to collect information on an ever-expanding array of targets, including countries it considers friends, like Russia.
Despite the growing global outrage over Russia’s war in Ukraine, China has refused to criticize Moscow and has echoed Russian propaganda to depict the United States and NATO as aggressors in the conflict. But Check Point’s research showed that despite the countries’ deepening ties, China appeared to view Russia as a legitimate target for the theft of sensitive military technological information.
Advertisement
Continue reading the main story
The Chinese campaign targeted Russian institutes that research airborne satellite communications, radar and electronic warfare, Check Point said in its report. The institutes belong to Rostec Corporation, the Russian military conglomerate that is one of the largest and most powerful entities in Russia’s defense establishment.
The Chinese espionage operation began as early as July 2021, before Russia invaded Ukraine, the Check Point report said. The March emails revealed that China’s hackers had quickly exploited narratives about the war in Ukraine for their purposes.
“This is a very sophisticated attack,” said Itay Cohen, the head of cyber research at Check Point, adding that it demonstrated capabilities “usually reserved for state-backed intelligence services.” The hackers used methods and codes similar to those used in previous attacks attributed to hacking groups affiliated with the Chinese state, he said.
For example, by referring to the American sanctions on Russian officials over the war in Ukraine, the attacks used “smart social engineering” that exploited a sensitive topic to try to induce their targets, including skilled defense officials, to open the email, Mr. Cohen said. The hackers also used advanced tactics that better concealed their intrusions in the computers that were attacked, Mr. Cohen said.
Under China’s authoritarian leader, Xi Jinping, Beijing has refined its approach to cyberspying, transforming over the past decade into a far more sophisticated actor. China’s premier spy agency, borrowing a page from Russia, has recruited beyond its ranks, pulling from the country’s growing pool of tech workers. The strategy has made its attacks more scattershot and unpredictable, but analysts say it has also helped strengthen the country’s efforts, enabling spies to run stealthy attacks that target intellectual property as well as political and military intelligence around the world.
Mr. Xi has made improving China’s scientific and technical capabilities a priority in the coming years, with ambitions of becoming a global leader in high-tech fields such as robotics, medical equipment and aviation. The campaign targeting Russian defense research institutes “might serve as more evidence of the use of espionage in a systematic and long-term effort to achieve Chinese strategic objectives in technological superiority and military power,” Check Point’s report said.
More recently, hackers based in China, like their counterparts elsewhere, have taken advantage of the war in Ukraine to break into the computer systems of organizations across Europe. Hackers have preyed upon heightened anxiety about the invasion, tricking their victims into downloading documents that falsely claim to contain information about the war or pose as aid organizations raising money for charity.
Many of the attacks originating from China appear to be focused on gathering information and intellectual property, rather than on causing chaos or disruption that could sway the conflict in favor of Ukraine or Russia, security researchers said.
In late March, Chinese hackers began going after Ukrainian organizations, according to security researchers and an announcement from Ukraine’s cybersecurity agency. A hacking team known as Scarab sent a document to Ukrainian organizations that offered instructions on how to film evidence of Russian war crimes but also contained malware that could extract information from infected computer systems, researchers at the security firm SentinelOne said.
Also in March, another hacking team affiliated with China, which security researchers have called Mustang Panda, created documents that purported to be European Union reports on conditions at the borders of Ukraine and Belarus, and emailed them to potential targets in Europe. But the documents contained malware, and victims who were tricked into opening them inadvertently allowed the hackers to infiltrate their networks, researchers at Google and the security firm Cisco Talos said.
www.nytimes.com
But the emails were actually sent by state-sponsored hackers in China seeking to entice their Russian targets to download and open a document with malware, according to a new report to be released Thursday by the Israeli-American cybersecurity firm Check Point.
The report provides new evidence of Chinese efforts to spy on Russia, pointing to the complexity of the relations between two countries that have drawn closer in solidarity against the United States. It also underscores the sprawling, and increasingly sophisticated, tactics China’s cyberspies have used to collect information on an ever-expanding array of targets, including countries it considers friends, like Russia.
Despite the growing global outrage over Russia’s war in Ukraine, China has refused to criticize Moscow and has echoed Russian propaganda to depict the United States and NATO as aggressors in the conflict. But Check Point’s research showed that despite the countries’ deepening ties, China appeared to view Russia as a legitimate target for the theft of sensitive military technological information.
Advertisement
Continue reading the main story
The Chinese campaign targeted Russian institutes that research airborne satellite communications, radar and electronic warfare, Check Point said in its report. The institutes belong to Rostec Corporation, the Russian military conglomerate that is one of the largest and most powerful entities in Russia’s defense establishment.
The Chinese espionage operation began as early as July 2021, before Russia invaded Ukraine, the Check Point report said. The March emails revealed that China’s hackers had quickly exploited narratives about the war in Ukraine for their purposes.
“This is a very sophisticated attack,” said Itay Cohen, the head of cyber research at Check Point, adding that it demonstrated capabilities “usually reserved for state-backed intelligence services.” The hackers used methods and codes similar to those used in previous attacks attributed to hacking groups affiliated with the Chinese state, he said.
For example, by referring to the American sanctions on Russian officials over the war in Ukraine, the attacks used “smart social engineering” that exploited a sensitive topic to try to induce their targets, including skilled defense officials, to open the email, Mr. Cohen said. The hackers also used advanced tactics that better concealed their intrusions in the computers that were attacked, Mr. Cohen said.
Under China’s authoritarian leader, Xi Jinping, Beijing has refined its approach to cyberspying, transforming over the past decade into a far more sophisticated actor. China’s premier spy agency, borrowing a page from Russia, has recruited beyond its ranks, pulling from the country’s growing pool of tech workers. The strategy has made its attacks more scattershot and unpredictable, but analysts say it has also helped strengthen the country’s efforts, enabling spies to run stealthy attacks that target intellectual property as well as political and military intelligence around the world.
Mr. Xi has made improving China’s scientific and technical capabilities a priority in the coming years, with ambitions of becoming a global leader in high-tech fields such as robotics, medical equipment and aviation. The campaign targeting Russian defense research institutes “might serve as more evidence of the use of espionage in a systematic and long-term effort to achieve Chinese strategic objectives in technological superiority and military power,” Check Point’s report said.
More recently, hackers based in China, like their counterparts elsewhere, have taken advantage of the war in Ukraine to break into the computer systems of organizations across Europe. Hackers have preyed upon heightened anxiety about the invasion, tricking their victims into downloading documents that falsely claim to contain information about the war or pose as aid organizations raising money for charity.
Many of the attacks originating from China appear to be focused on gathering information and intellectual property, rather than on causing chaos or disruption that could sway the conflict in favor of Ukraine or Russia, security researchers said.
In late March, Chinese hackers began going after Ukrainian organizations, according to security researchers and an announcement from Ukraine’s cybersecurity agency. A hacking team known as Scarab sent a document to Ukrainian organizations that offered instructions on how to film evidence of Russian war crimes but also contained malware that could extract information from infected computer systems, researchers at the security firm SentinelOne said.
Also in March, another hacking team affiliated with China, which security researchers have called Mustang Panda, created documents that purported to be European Union reports on conditions at the borders of Ukraine and Belarus, and emailed them to potential targets in Europe. But the documents contained malware, and victims who were tricked into opening them inadvertently allowed the hackers to infiltrate their networks, researchers at Google and the security firm Cisco Talos said.
Chinese Hackers Tried to Steal Russian Defense Data, Report Says
The campaign detailed by a cybersecurity firm highlights Beijing’s increasingly sophisticated tactics to spy on an array of targets, including countries it considers friends.
