Cyber attackers are known to rely on social engineering tactics to leverage victims’ vulnerabilities for monetary gain. Of late, the war between Russia and Ukraine has been the biggest influence on cyber security, as ransomware attacks have increased, and organisations are re-evaluating their security posture to ensure protection.
Although these attacks originate worldwide, there seems to be a clear link between China and Russia, following their recent public announcement of alliance against US & NATO countries. Could they be coalescing?
SaaS security companies have been evaluating recent attack trend lines. They have discovered a sharp rise in activity from Russia and China where there is a consistently high level of both attempted and successful attacks originating within their borders, and it seems that both Russia and China show almost the exact same trend pattern.
There are also allegations that China helped Russia hide money, reportedly stashing away billions before invading Ukraine. This is even more reason for them to coordinate their cyber efforts in parallel since they are already in close correspondence with a clear level of trust.
China’s strategic alignment with Russia is said to have been born from Putin’s trip to Beijing during the Winter Olympics, where he signed a “no-limits” partnership agreement with Chinese President Xi Jinping, declaring an intention to challenge the Western order based on democracy, freedom and human rights (although it was later denounced by European officials). China’s long-held belief that their state-backed technological advancement will make them highly capable of overturning the Western world makes them the perfect ally to Russia’s current power play over Ukraine.
There has been a recent virtual meeting between China’s top officials and the presidents of the European Council and Commission, named as the “April Fool’s Day Summit” by critics of Beijing in Brussels. European officials wanted clear signals from Xi that there are red lines in China’s relationship with Russia – that there are limits to what Beijing will go along with. Otherwise, they may have to assume these two powerful countries are working in correspondence and that Beijing will do whatever they need to get what they want, in the same manner as Russia.
EU foreign policy chief Josef Borrell told the European Council on Foreign Relations that “we are very, very far away from considering the China threat at the same level of Russia”, despite their close relations, but could China’s threat in the cyberspace prove this wrong? Could ransomware attacks be just as damaging?
Goals could now be aligned between two of the world’s most notorious and cyber capable countries, and the increase in cyber-attacks from China only adds to this fear.
We have seen the following cyber-attacks occur during the Russia-Ukraine conflict that suggest China could be working with Russia to take advantage of the situation:
Earlier this year, the Microsoft Threat Intelligence team identified a China-based ransomware group, dubbed DEV—0401, that exploited a vulnerability in systems running VMWare Horizon, leading to the deployment of the Nightsky ransomware. However, aside from the few occurrences such as these, ransomware attacks from China overall seem to be minimal; they’re more heavily influenced by espionage and would much rather steal corporate information – many of their campaigns have stayed hidden for as long as 8 years.
This contrasts with Russia which has very different motives – they are known to be loud, destructive and financially motivated. They still remain interested in espionage, alongside China, but are known more prominently for their ransomware gangs, now operating cartel style businesses out of Russia. In some cases, ransomware groups have joined forces to compromise government-affiliated organisations, and even have alliances within the Russian government itself.
Despite Russia’s loud and destructive approach, China’s attack tools are executed with a much more adept level of sophistication when compared to Russia. Perhaps these two countries are not so aligned after all, but, with this in mind, China may be the perfect ally for Russia, so they too can learn how to disseminate campaigns to this exceptional level.
There are clear links between Russia and China’s cyber efforts, from their formed public alliance to similar attack trend patterns, but there is no way of knowing what is happening behind closed doors. Could China be helping Russia by refraining to dispute their war efforts and increasing their own cyber tactics, or is Russia inadvertently helping China by giving them the opportunistic moment to take advantage of the crisis for successful cyber-attacks?
Either way, organisations must prepare themselves for the predicted onslaught of more ransomware attacks and cyber threats.
Stay updated with the latest ransomware discussions in our LinkedIn group.
Feel free to browse our #RansomAware page for more insight, reports and resources.
Call us directly and we’ll put you in touch with the most relevant cyber expert.
Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.