China-Russia trust erodes as Beijing's hackers go rogue, launch cyberattacks to steal Ukraine war secrets
China hackers target Russia despite alliance, seeking war secrets and battlefield data-
China hackers targeting Russia
have raised serious concerns as multiple cyberattacks linked to Chinese state-sponsored groups have reportedly breached Russian military and defense systems since the Ukraine war began. Despite public declarations of friendship between Moscow and Beijing, cyber analysts say the Chinese government has been actively spying on Russian technologies, including nuclear submarines, drone systems, and battlefield tactics. The breach highlights a growing undercurrent of distrust and strategic intelligence gathering even among so-called allies.
Cyber groups tied to Beijing—like APT27 and APT31—are believed to be behind these stealthy operations, using phishing emails and malware to infiltrate sensitive Russian networks.
Why are China hackers targeting Russia amid growing friendship?
Despite a publicly strong relationship between China and Russia, cybersecurity experts say
China hackers
have been quietly breaching Russian systems since May 2022 — just months after Russia launched its full-scale invasion of Ukraine. These hacking attempts have continued steadily, with Chinese-linked groups digging into Russia's defense and military data.
by Taboola
by Taboola
Sponsored Links
Sponsored Links
Promoted Links
Promoted Links
You May Like
Air conditioners without external unit. (click to see prices)
Air Condition | Search Ads
Search Now
Undo
According to cybersecurity researchers from TeamT5, one group named
Sanyo
impersonated a Russian engineering firm's email to seek data on nuclear submarines. The intention behind these cyber intrusions appears to be collecting information about Russia's battlefield operations, modern warfare tactics, and Western weapon technologies seen in Ukraine.
Che Chang, a TeamT5 researcher, stated, 'China likely seeks to gather intelligence on Russia's military operations, defense progress, and geopolitical strategies.' This information could help China boost its own military readiness for future conflicts — particularly in regions like Taiwan, which remains a hotbed of geopolitical tension.
Live Events
What exactly did China's hackers target in Russia?
According to cybersecurity researchers at SentinelLabs and Recorded Future,
Chinese Advanced Persistent Threat (APT) groups
, including
APT27 (Emissary Panda)
and
APT31 (Zirconium)
, have been aggressively targeting:
Russian military contractors
Government departments involved in defense R&D
Email servers and document archives linked to Ukraine war planning
The hackers reportedly used
spear-phishing campaigns
, spoofing Russian Ministry of Health notices to plant malware into classified internal systems.
One malware strain, called
PlugX
, known for remote access and data exfiltration, was flagged in these Russian environments—previously used by China in espionage campaigns across Southeast Asia and the Middle East.
What kind of information are Chinese hackers after in Russia?
The
China hackers targeting Russia
campaign has been aimed at extracting sensitive military intelligence, especially battlefield-tested insights. Russian defense firms, including
Rostec
, were among the major targets. Cyber experts from Palo Alto Networks revealed that Chinese hacking groups have sought data on radar systems, satellite communications, drone warfare, and electronic warfare technology.
Another method used by these hackers involved Microsoft Word-based malware files, which exploited software vulnerabilities to breach aviation and defense sectors. One particularly dangerous tool spotted in these attacks was
Deed RAT
, malware considered 'proprietary' among Chinese state-sponsored groups. According to Russian cybersecurity firm Positive Technologies, this malware has been used to attack Russian aerospace, security, and military sectors.
Though Russian authorities have not officially acknowledged these attacks, a leaked classified document from Russia's FSB — the domestic security agency — described China as an 'enemy,' confirming internal concerns about Chinese espionage.
While China and Russia continue to cooperate publicly, including military drills and joint diplomatic efforts, cyber experts say Beijing has long pursued a
"friend-but-watcher" strategy
. This means China often spies on both allies and adversaries to:
Gauge battlefield conditions in Ukraine
Evaluate Russia's military capabilities and vulnerabilities
Shape its own geopolitical strategies, including Taiwan preparations
According to Recorded Future,
China increased cyber-espionage targeting Russia by 87% since early 2023
, focusing particularly on regions near
Ukraine and Crimea
.
Who are the major Chinese hacking groups involved?
Several well-known Chinese hacking groups have been identified by cybersecurity teams as being behind these operations.
Mustang Panda
, one of China's most active state-backed cyber espionage groups, expanded its activities after the war in Ukraine began. TeamT5 and Sophos researchers found that Mustang Panda targeted Russian government agencies and military officials — particularly near the China-Russia Siberian border.
According to Rafe Pilling from Sophos, the group's operations often follow China's political or economic interests. 'Wherever China invests — whether West Africa, Southeast Asia, or Russia — Mustang Panda follows with targeted hacking,' said Pilling. He and U.S. intelligence sources believe Mustang Panda operates under the Chinese Ministry of State Security.
The group even drew attention from American law enforcement. In January, the U.S. Justice Department indicted individuals tied to Mustang Panda for infecting thousands of systems worldwide, including government networks and devices used by Chinese dissidents.
Another Chinese hacking group,
Slime19
, has been consistently attacking Russia's energy, government, and defense infrastructure, according to TeamT5's Chang.
Has China broken its cybersecurity pact with Russia?
In 2009 and 2015, China and Russia publicly agreed not to hack each other's systems. However, analysts have long viewed those agreements as symbolic, lacking enforcement or trust. The evidence emerging since Russia's invasion of Ukraine proves that those deals hold little practical weight.
The FSB document accessed by
The New York Times
shows that Russian intelligence views China's digital espionage as a serious threat. China, while outwardly cooperative with Russia in forums and bilateral trade, appears unwilling to rely on Moscow for open sharing of battlefield learnings. Instead, cyber intrusions have become the preferred route for collecting war data.
'The war in Ukraine shifted the priorities of both countries,' said Itay Cohen from Palo Alto Networks. 'Even though the public narrative was one of close ties, in reality, espionage increased.'
How is Russia reacting to these cyber intrusions?
Thus far, the Kremlin has not officially condemned China, possibly to avoid diplomatic fallout. However, anonymous Russian cybersecurity sources have told investigative outlet iStories that internal firewalls have been tightened and communications protocols are under review.
The Federal Security Service (FSB) reportedly issued an internal memo warning of 'unusual East Asian-origin threats' in mid-2024. Still, no public attribution has been made.
This silence may signal Russia's reluctance to publicly challenge China at a time when it faces intense pressure from NATO and the West.
What does this mean for future China-Russia relations?
While China remains one of Russia's most crucial trade partners — especially with the West largely isolating Moscow — the depth of
China hackers targeting Russia
reveals a fragile foundation beneath this alliance. The relationship, often described by Presidents Xi and Putin as a 'no-limits' partnership, is evidently full of limits when it comes to trust.
China's hunger for military intelligence, especially regarding real-time warfare experience, is pushing it to take bold steps. For China, Russia's war offers a rare, real-world military case study that it can't afford to ignore — especially with tensions rising in the Taiwan Strait.
Cyber intrusions are likely to continue, if not grow. As Russian officials stay silent and Chinese hackers grow more sophisticated, the digital battlefield between these two "allies" is already active — and evolving quickly.
FAQs:
Q1: Why are China hackers targeting Russia during the Ukraine war?
To secretly collect Russian military intelligence and battlefield data.
Q2: Who is Mustang Panda in the China hacking campaign?
Mustang Panda is a top Chinese state-backed hacking group targeting Russia.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time of India
29 minutes ago
- Time of India
'Disturbing': Putin on World War III risk; flags concern over Israel-Iran conflict
Russian President Vladimir Putin (AP photo) Russian President Vladimir Putin on Friday said he was worried when asked whether he feared the world was moving towards a potential World War III, reported news agency Reuters. Speaking at an economic forum in St. Petersburg, Putin noted that global conflict risks were increasing. He pointed to Russia's own war in Ukraine and the ongoing tensions between Israel and Iran. Putin also raised concerns about developments around nuclear facilities in Iran, where Russian specialists are currently constructing two new nuclear reactors for Tehran. "It is disturbing. I am speaking without any irony, without any jokes. Of course, there is a lot of conflict potential, it is growing, and it is right under our noses, and it affects us directly," said Putin. He added, "And this requires, of course, not only our careful attention to the events taking place, but also the search for solutions, the search for solutions, preferably by peaceful means, in all directions." Putin also said that Russia plans to expand military and technical cooperation with "friendly countries" by jointly producing weapons and training military personnel. The Russian President said Moscow aimed to modernise its own armed forces by equipping them with the latest weapons and technology. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Eat 1 Teaspoon Every Night, See What Happens A Week Later [Video] getfittoday Undo "We will harness new technology to improve the combat capabilities of the Russian armed forces, modernise military infrastructure facilities, (and) equip them with the latest technology and weapons and equipment," he said. Putin emphasised that Russia's cooperation with friendly nations would go beyond arms supplies or equipment upgrades. "At the same time, we intend to develop military-technical co-operation with friendly countries. And we are talking not only about supplies or the modernisation of equipment and weapons, but also about joint development, personnel training, and the creation of turn-key enterprises and production facilities," he said, according to Reuters. On the economic front, Putin said Russia planned to strengthen trade ties with its partners by removing barriers, opening new market opportunities, and deepening investment cooperation. Putin has already offered to mediate between Iran and Israel amid escalating tensions in the Middle East. He claimed that Moscow's longstanding ties with both countries make it uniquely positioned to help broker peace. 'We are not imposing anything on anyone; we are simply talking about how we see a possible way out of the situation,' he said. 'But the decision, of course, is up to the political leadership of all these countries, primarily Iran and Israel.' Putin acknowledged the complexity of the crisis, saying 'it's a delicate issue,' but said that a solution to the conflict is possible. 'In my view, a solution could be found," the Russian president said. His comments come at a time of growing concern that Israeli strikes on Iranian targets and the potential for a wider war could draw in other regional and global powers.
News18
33 minutes ago
- News18
Russia Proposed Plan To End Iran-Israel Conflict, Putin Says He Informed Trump, Netanyahu
Last Updated: Kremlin warns region is sliding into war, says ready to mediate as nuclear plant fears grow. Russian President Vladimir Putin said on Friday that he has personally shared Moscow's proposal to resolve the ongoing Iran-Israel conflict with three key figures: US President Donald Trump, Israeli Prime Minister Benjamin Netanyahu and Iran's President Masoud Pezeshkian. However, he was quick to clarify that he is not seeking to mediate. 'I spoke with Netanyahu, Pezeshkian and Trump, key players in this situation," Putin said. 'I shared Russia's vision for resolving the conflict. I hope our proposals will be implemented". 'We are not seeking to mediate, we are just proposing ideas. And if they are attractive to both countries, we'll be happy about it…Now our proposals are also being discussed, we have contacts with our Iranian friends almost on a daily basis, so let's see," he further added. Putin also noted that Israel's large Russian-speaking population factored into Moscow's concerns. 'Israel today is almost a Russian-speaking country. A large number of people from the USSR live there. Moscow takes this into account," he said. I spoke with Netanyahu, Pezeshkian, and Trump, key players in this situation — Putin'I shared Russia's vision for resolving the conflict. I hope our proposals will be implemented' #SPIEF — RT (@RT_com) June 20, 2025 The comments come as the Kremlin issued a broader warning about the spiraling crisis in West Asia. 'The region is plunging into an abyss of instability and war," Kremlin spokesman Dmitry Peskov told reporters on Friday, adding that the situation carries the risk of 'geographic expansion and unpredictable consequences." Russia, which maintains ties with both Tehran and Tel Aviv, has called for restraint from all sides and urged the United States not to launch strikes on Iran. Moscow has also pushed for a diplomatic resolution to tensions around Tehran's nuclear programme. Nuclear safety concerns also came to the fore after Israel briefly claimed on Thursday that it had struck Iran's Bushehr nuclear plant, before retracting the statement. Russia's nuclear energy chief Alexei Likhachev warned that any such attack could cause a 'Chernobyl-style disaster." Likhachev, who heads Rosatom, said on Friday the plant remained 'normal" and under control. 'We very much hope that all our signals from yesterday reached the Israeli leadership," he said. According to him, over 300 Russian specialists are currently stationed at the site, along with their family members. This brings the total Russian presence at Bushehr to around 500. First Published: June 20, 2025, 23:08 IST
Time of India
34 minutes ago
- Time of India
Classroom ‘scam': ACB summons Sisodia, AAP claims diversion tactic
New Delhi: Former deputy chief minister Manish Sisodia on Friday alleged that BJP was using FIRs as a distraction tactic to hide its own failures in governance. Sisodia was called by the anti-corruption branch in a case related to alleged corruption in the construction of classrooms in state-run schools and was questioned for nearly three years. The former deputy chief minister, who had also the education department in AAP govt when the tenders for the construction of classrooms were floated, alleged that BJP was using investigations to divert attention. "Just like all previous probes led to nowhere, this one will also come to nothing," Sisodia said. He claimed that the ruling party had "failed" to do any "meaningful work" in Delhi since assuming office in Feb and "wasted" 100 days "without improving electricity, water, education or healthcare". "BJP, driven by political vendetta, is misusing its agencies to register FIRs in cases where there is no wrongdoing. This is a completely politically motivated case. In the last 10 years, BJP has used every agency to dig into the lives of AAP leaders, yet found nothing. All they do is file fake FIRs and keep dragging the matter. Nothing came out of it earlier, and nothing will come out of it now," he said. Asserting that the accusations had no basis, the AAP functionary said BJP MP Manoj Tiwari levelled allegations against him in the matter. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Pedro Carbo: Inicia hoy con Amazon CFD y construye un segundo ingreso. InvestIQ Registrarse Undo "I filed a defamation case against him. He is out on bail in the defamation case," Sisodia said. Addressing a press conference, former CM and senior AAP functionary Atishi also termed it as a "fake" case. "In the past ten years, over 200 cases have been filed by BJP-controlled agencies against AAP leaders. But despite extensive investigations, raids and examination of files by ED, CBI, Delhi Police and ACB, not a single rupee of corruption has been recovered from any AAP leader," Atishi said. Delhi BJP president Virendra Sachdeva claimed that during their time in office, AAP leaders never provided the requested information to the investigating agencies, which resulted in the probe progressing very slowly. "Now that the BJP is in power in Delhi, the investigative agencies are receiving full cooperation, and not only Manish Sisodia and Satyendar Jain, but several other AAP leaders will soon land in jail," Sachdeva claimed.
