Demo
Cyber-Attacks: Is China Giving Russia a Helping Hand? - Talion

Cyber attackers are known to rely on social engineering tactics to leverage victims’ vulnerabilities for monetary gain. Of late, the war between Russia and Ukraine has been the biggest influence on cyber security, as ransomware attacks have increased, and organisations are re-evaluating their security posture to ensure protection.

Although these attacks originate worldwide, there seems to be a clear link between China and Russia, following their recent public announcement of alliance against US & NATO countries. Could they be coalescing?

 

China and Russia coordinate cyber efforts

SaaS security companies have been analysing recent attack trend lines. They have discovered a sharp rise in activity from Russia and China where there is a consistently high level of both attempted and successful attacks originating within their borders, and it seems that both Russia and China show almost the exact same trend pattern.

There are also allegations that China helped Russia hide money, reportedly stashing away billions before invading Ukraine. This is even more reason for them to coordinate their cyber efforts in parallel since they are already in close correspondence with a clear level of trust.

 

 

But how did this all begin?

China’s strategic alignment with Russia is said to have been born from Putin’s trip to Beijing during the Winter Olympics, where he signed a “no-limits” partnership agreement with Chinese President Xi Jinping, declaring an intention to challenge the Western order based on democracy, freedom and human rights (although it was later denounced by European officials). China’s long-held belief that their state-backed technological advancement will make them highly capable of overturning the Western world makes them the perfect ally to Russia’s current power play over Ukraine.

There has been a recent virtual meeting between China’s top officials and the presidents of the European Council and Commission, named as the “April Fool’s Day Summit” by critics of Beijing in Brussels. European officials wanted clear signals from Xi that there are red lines in China’s relationship with Russia – that there are limits to what Beijing will go along with. Otherwise, they may have to assume these two powerful countries are working in correspondence and that Beijing will do whatever they need to get what they want, in the same manner as Russia.

EU foreign policy chief Josef Borrell told the European Council on Foreign Relations that “we are very, very far away from considering the China threat at the same level of Russia”, despite their close relations, but could China’s threat in the cyberspace prove this wrong? Could ransomware attacks be just as damaging?

 

Increase in cyber-attacks from China

Goals could now be aligned between two of the world’s most notorious and cyber capable countries, and the increase in cyber-attacks from China only adds to this fear.

We have seen the following cyber-attacks occur during the Russia-Ukraine conflict that suggest China could be working with Russia to take advantage of the situation:

  • A Chinese APT group named TA416 were found targeting European governments in January this year, with one personnel responsible for the management and logistics of Ukrainian refugees. This targeting is very much in line with other threat groups focusing on refugee policies and logistics as the tensions between Ukraine and Russia increase.
  • The Chinese group Mustang Panda targeted European entities with phishing emails attached with malicious files, with names such as “Situation at the EU borders with Ukraine.”
  • RedDelta hackers have also jumped upon phishing with emails that contain tracking pixels – a tiny image within a message that alerts the attacker the recipient has opened it, accumulating data on who is more susceptible to fall for further social engineering tactics.

 

 

Geo-political motives: Russia vs China

Earlier this year, the Microsoft Threat Intelligence team identified a China-based ransomware group, dubbed DEV—0401, that exploited a vulnerability in systems running VMWare Horizon, leading to the deployment of the Nightsky ransomware. However, aside from the few occurrences such as these, ransomware attacks from China overall seem to be minimal; they’re more heavily influenced by espionage and would much rather steal corporate information – many of their campaigns have stayed hidden for as long as 8 years.

This contrasts with Russia which has very different motives – they are known to be loud, destructive and financially motivated. They still remain interested in espionage, alongside China, but are known more prominently for their ransomware gangs, now operating cartel style organised businesses out of Russia. In some cases, ransomware groups have joined forces to compromise government-affiliated organisations, and even have alliances within the Russian government itself.

Despite Russia’s loud and destructive approach, China’s attack tools are executed with a much more adept level of sophistication when compared to Russia. Perhaps these two countries are not so aligned after all, but, with this in mind, China may be the perfect ally for Russia, so they too can learn how to disseminate campaigns to this exceptional level.

 

Who has the upper hand?

There are clear links between Russia and China’s cyber efforts, from their formed public alliance to similar attack trend patterns, but there is no way of knowing what is happening behind closed doors. Could China be helping Russia by refraining to dispute their war efforts and increasing their own cyber tactics, or is Russia inadvertently helping China by giving them the opportunistic moment to take advantage of the crisis for successful cyber-attacks?

Either way, organisations must prepare themselves for the predicted onslaught of more ransomware attacks and cyber threats.

 

#RansomAware banner

 

Stay updated with the latest ransomware discussions here.

Feel free to browse our #RansomAware page for more insight, reports and resources.

 
Watch demo video
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
Talion
Watch demo video
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
Talion
24x7x365 UK-based Security Operations Centre
Talion
Service underpinned by market leading threat intelligence team
Talion
Continually developed threat relevant content, backed by SLAs
Talion
MDR service has featured in the Gartner Magic Quadrant for 6 consecutive years
Talion
Experts in SIEM and SOAR technology
Talion
UK-based Senior Leadership
I'm ready
Request a more in-depth demo.
Discuss your cyber security needs
Fill in the form below and one of our team will be in touch to arrange your demo.

Call us on 0800 048 5775

Call us directly and we’ll put you in touch with the most relevant cyber expert.

Send us a message

Give us a brief description of what you’re looking for and we’ll put you in touch with the best person.