On the surface, China and Russia appear to be two politically and militarily supportive allies, but in cyberspace this cooperation is rapidly deteriorating. According to recent reports, China-linked cybercriminals have carried out attacks targeting Russian government devices and IT providers. Analysis by Kaspersky revealed that two China-based threat groups, APT27 and APT31, were behind these attacks.
Why did China-linked cyberattacks target Russia?
Starting in late July, Kaspersky researchers discovered a campaign of cyberattacks in Russia dubbed “EastWind”. In these attacks, researchers detected malware developed by the China-linked groups APT27 and APT31. The attackers managed to infiltrate the devices of the Russian government and IT providers through phishing emails. Malicious files attached to the emails communicated with platforms such as Dropbox, GitHub and Quora to download and execute second-stage malware.
The malware used in these attacks included a trojan called GrewApacha and a backdoor called CloudSorcerer. CloudSorcerer has previously been used in attacks against organizations in the US and was used to download a new implant called PlugY, which offers file manipulation, command execution, and keyboard logging.
While China and Russia are known to support each other politically and militarily, their cooperation in cyberspace is fragile. According to Kaspersky’s report, Chinese state-sponsored cybercrime groups cooperate in information gathering and attack strategies.
China supports Russia’s invasion of Ukraine, while Russia supports China’s international stances such as the “One China” policy. But when it comes to information warfare, alliances can break down even between these two powerful allies.
These developments reveal that cybersecurity is becoming increasingly critical in the international arena. How do you think this tension between China and Russia will shape the future of cyber warfare?