© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

Chinese hackers use war in Ukraine to target Russia's military complex

While the Kremlin battles a swarm of cyberattacks from hackers supporting Ukraine, China leverages the war to spy on Russia.

A targeted campaign by China-linked threat actors leveraged sanctions-related bait to penetrate Russian defense institutes, a report by Check Point Research (CPR) claims.

According to the report's authors, the campaign, dubbed Twisted Panda, is part of a larger Chinese espionage effort that has been going on for several months.

The investigation comes amidst previous reports of Beijing's efforts to get into Russian networks. For example, China-linked threat actor Mustang Panda targeted Russian agencies with malicious emails about political events in Eastern Europe.

Russia-based researchers also reported a novel hacker group with likely Asian origins, targeting Russia's space tech industry using previously unknown malware.

CPR's researchers claim that malicious actors have set their sights on at least two of Russia's research institutes, focusing on research and development of highly technological defense solutions.

One more victim of the campaign was likely based in Belarus, whose president Alexander Lukashenko is a staunch ally of Russia's ruler Vladimir Putin.

Both Russia-based institutions that the hackers targeted belong to Rostec, a Russian state-owned defense conglomerate. Researchers claim that the targeted organizations develop and manufacture electronic warfare systems and other military communications equipment.

CPR believes that Twisted Panda is a part of a long-running campaign launched against Russia last June and is likely still active. Researchers believe China-linked state-sponsored groups Stone Panda and Mustang Panda to be behind the operation.

Interestingly enough, Russia boasted of the 'truly unprecedented nature' of Russo-Chinese relations before the Kremlin's troops poured into Ukraine on 24 February.

According to the report, threat actors sent multiple emails to employees of Russia's defense research institutions with a subject implying that the contents of the email would reveal the names of people the US sanctioned over Russia's invasion of Ukraine.

An institute in Belarus was targeted with a subject line 'US Spread of Deadly Pathogens in Belarus.' Emails to organizations in Russia and Belarus alike were made to look like Russia's Ministry of Health sent them.

Documents attached to the emails contained a previously undocumented backdoor called SPINNER.

"The purpose of the backdoor and the operation is likely to collect information from targets inside the high-tech Russian defense industry to support China in its technological advancement," reads the report.
