Analysis suggests that state-sponsored hackers with ties to Beijing are increasingly focusing their cyber espionage effort on Moscow.
A cluster of China-linked threat activity has been observed to target Russian organizations, claim researchers at SentinelLabs. The group known as Mustang Panda has targeted Russian organizations since the beginning of the war in Ukraine. In contrast, a novel hacker group dubbed ‘Space Pirates’ penetrated Russia’s space tech industry.
According to a recent report, attackers use phishing emails to deliver Remote Access Trojans (RATs) via infected Microsoft Office documents. Threat actors use the Royal Road builder to drop the Bisonal backdoor. China-linked hackers often use both tools, suggesting Beijing was behind the attacks.
“While the overlap of cyber espionage operations attributed to China has been observed before, the targeting of Russia is a new development,” said SentinelLabs researcher Tony Gauda.
“This targeting of Russia by Chinese cyber espionage groups appears to be in response to the increased sanctions and other pressure that China has been facing from the West,” he added.
Cyber espionage groups such as Mustang Panda and Space Pirates will likely continue their operations against Russia as geopolitical tensions rise.
The recent increase in cyberattacks against government and commercial targets in Northeast Asia may suggest that the Chinese government is behind them. However, it is difficult to determine whether or not this is the case. The attacks seem to originate from China, but it is not certain whether or not the Chinese government is responsible for them.
This group has been targeting Russian businesses with well-known attack tactics, like using counterfeit documents that exploit n-day flaws and tailored enticements for Russian companies.