Despite apparently growing Russian-Chinese strategic and military ties, Russia seems to finally be fed up with being hacked by China, and it is uncharacteristically going public about Beijing’s nefarious actions. Samuel Bendett, a Research Analyst at the Center for Naval Analyses (CNA), tweeted that:
According to Threat Intelligence Group-IB, a Russian cybersecurity company, Chinese state-backed hackers were attacking Russian government websites over the course of last year. This violates a 2015 bilateral agreement to avoid such attacks. https://t.co/CtJcifSU6i
— Samuel Bendett (@SamBendett) August 5, 2021
One expert at Johns Hopkins School of Advanced International Studies (SAIS) noted:
So it begins: Russian security firm Positive Technologies, also a gov't contractor in Russia, reports on alleged Chinese APT "Judgment Panda," including attribution, citing CrowdStrike, Microsoft, and Secureworks https://t.co/vW8EPZamNN
— Thomas Rid (@RidT) August 4, 2021
Interesting how China is giving Russia a taste of its own medicine. But why go public?
In June, Cyberscoop.com reported that:
Chinese hackers were likely behind a series of intrusions at Russian government agencies last year, security firm SentinelOne said Tuesday.
Malicious code used in the breaches is similar to hacking tools associated with a broad set of suspected Chinese spies that have also targeted Asian governments in recent years, SentinelOne researchers said.
SentinelOne’s research builds on a report released last month by the Federal Security Service (FSB), one of Russia’s main spy agencies, and the cyber unit of telecom firm Rostelecom. It said Russian government agencies had been targeted by “cyber mercenaries pursuing the interests of the foreign state.”
The attackers collected stolen data using top Russian technology providers Yandex and Mail.Ru, according to the report, which did not name a culprit in the breaches.
Key Takeaway, notes Cyberscoop:
SentinelOne’s findings point to a reality that is often overlooked in U.S.-centric cybersecurity discussions: that the Russian and Chinese governments conduct plenty of cyber-espionage against each other.
Last year, for example, U.S. officials publicly exposed a suspected Chinese hacking campaign that targeted entities in Russia and other former Soviet republics.
“The idea of Chinese targeting of Russian government [and vice versa] should not shock us,” SentinelOne researcher Juan Andrés Guerrero-Saade said.
What is surprising, though, is that the FSB, Russia’s successor to the KGB, would go public about it.
But Andrei Soldatov, a Russian journalist and expert on the FSB, said its public report appeared to be an effort to portray Russian organizations as facing the same cyber threats as other countries and organizations. Cyberscoop reported:
“It’s like, ‘We all face the same enemy, let’s fight it together,’” Soldatov said. “And for that, come to us, the FSB, and make us respectful.” ADN