China unleashes hackers against its friend Russia, seeking war secrets
The hacking campaign shows that, despite this partnership and years of promises not to hack each other, China sees Russia as a vulnerable target. PHOTO: REUTERS
Since the beginning of the war in Ukraine, groups linked to the Chinese government have repeatedly hacked Russian companies and government agencies in an apparent search for military secrets, according to cyber analysts.
The intrusions started accelerating in May 2022, just months after Moscow's full-scale invasion. And they have continued steadily, with Chinese groups worming into Russian systems even as President Vladimir Putin of Russia and President Xi Jinping of China publicly professed a momentous era of collaboration and friendship.
The hacking campaign shows that, despite this partnership and years of promises not to hack each other, China sees Russia as a vulnerable target.
In 2023, one group, known as Sanyo, impersonated the e-mail addresses of a major Russian engineering firm in the hunt for information on nuclear submarines, according to TeamT5, a Taiwan-based cybersecurity research firm that discovered the attack in 2024 and linked it to the Chinese government.
China is far wealthier than Russia and has plenty of homegrown scientific and military expertise, but Chinese military experts often lament that Chinese troops lack battlefield experience. Experts say that China sees the war in Ukraine as a chance to collect information about modern warfare tactics, Western weaponry and what works against them.
'China likely seeks to gather intelligence on Russia's activities, including on its military operation in Ukraine, defense developments and other geopolitical maneuvers,' said Mr Che Chang, a researcher with TeamT5.
It is unclear how successful these attempts have been, partly because Russian officials have never publicly acknowledged these intrusions.
But a classified counterintelligence document from Russia's domestic security agency, known as the FSB, makes clear that intelligence officials are concerned. The document, obtained by The New York Times, says that China is seeking Russian defence expertise and technology and is trying to learn from Russia's military experience in Ukraine. The document refers to China as an 'enemy'.
With Mr Putin largely cut off from the West, his country has come to rely on China to buy its oil and sell it technology that is essential to its war effort. Moscow and Beijing have formed a bloc against Washington and its allies, alarming Western leaders. The FSB document presents a more complicated relationship than the 'no-limits' partnership that Mr Xi and Mr Putin describe.
Allies have been known to spy on one another, but the extent of China's hacking activities against Russia suggests both a higher level of mutual distrust and a reluctance by the Kremlin to share all that it is learning on the battlefield in Ukraine.
Drone warfare and software are of particular interest to China, the document says.
'The war in Ukraine fundamentally shifted intelligence priorities for both countries,' said Mr Itay Cohen, a senior researcher with cybersecurity firm Palo Alto Networks who has followed Chinese hacking groups for years.
Experts say, and the document indicates, that China wants to learn from Russia's war experience to bolster its own preparedness for potential future conflicts. Taiwan, in particular, is a major potential flashpoint with the West.
One Chinese government-funded group has targeted Rostec, the powerful Russian state-owned defense conglomerate, seeking information on satellite communications, radar and electronic warfare, according to Palo Alto Networks. Others have used malicious files, intended to exploit vulnerabilities in Microsoft Word, to penetrate Russian aviation industry targets and state bodies.
Messages seeking comment were left with the Kremlin and the Chinese Embassy in Moscow.
Not all Chinese hacking groups operate at the behest of the government. But security experts have seen evidence of government ties.
Russian cybersecurity firm Positive Technologies, for example, said in 2023 that cyberattacks had been mounted on several Russian targets, including in the aerospace, private security and defense sectors.
The attackers used a tool known as Deed RAT, which is widely deployed by Chinese state-sponsored hackers. Cybersecurity experts say Deed RAT is considered 'proprietary' among these groups and is not available for purchase on the dark web like other malware tools.
That has enabled state-backed hacking groups in China to use it more widely because it is tough for their adversaries to find a way to combat the malware.
Chinese state-sponsored hacking groups have often targeted international companies and government institutions, including in the United States and Europe. But hacking groups appear to have become more interested in Russian targets after the country's February 2022 invasion of Ukraine.
Mr Chang said he and his colleagues tracked several Chinese hacking groups targeting Russia. Among them was one of the country's most active hacking groups, known as Mustang Panda.
Little is known about Mustang Panda's origins or where it operates inside China, according to researchers who have studied the group. Its activities often accompanied China's Belt and Road economic development initiative, according to Mr Rafe Pilling, director of threat intelligence at security firm Sophos. As China invested in development projects in West Africa and Southeast Asia, he said, hacking soon followed.
That is most likely because China invests in countries where it has political and economic interests, which motivates state-sponsored hackers, Mr Pilling said.
After Russia invaded Ukraine, TeamT5 said that Mustang Panda expanded its scope to target governmental organizations in Russia and the European Union.
Mr Pilling, who has been monitoring Mustang Panda's activities for several years, says he suspects that the group is backed by China's Ministry of State Security, its main intelligence body.
The ministry supports threat groups that attack targets around the world, he said. In 2022, Mustang Panda targeted Russian military officials and border guard units near the Siberian border with China.
'The targeting we've observed tends to be political and military intelligence-gathering,' Mr Pilling said. That is true of all Chinese hacking groups targeting Russia, he said. 'I think of them as being one of the main tools that the Chinese state has for gathering political and economic intelligence.' NYTIMES
Join ST's Telegram channel and get the latest breaking news delivered to you.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Straits Times
10 minutes ago
- Straits Times
US court lets Trump keep control of California National Guard for now
FILE PHOTO: A demonstrator raises his hand holding flowers as members of the National Guard stand in formation outside a federal building during the No Kings protest against U.S. President Donald Trump's policies, in Los Angeles, California, U.S., June 14, 2025. REUTERS/Daniel Cole/File Photo US court lets Trump keep control of California National Guard for now WASHINGTON - A U.S. appeals court let Donald Trump retain control on Thursday of California's National Guard while the state's Democratic governor proceeds with a lawsuit challenging the Republican president's use of the troops to quell protests in Los Angeles. Trump's decision to send troops into Los Angeles prompted a national debate about the use of the military on U.S. soil and inflamed political tension in the country's second most-populous city. On Thursday, a three-judge panel of the San Francisco-based 9th U.S. Circuit Court of Appeals extended its pause on U.S. District Judge Charles Breyer's June 12 ruling that Trump had unlawfully called the National Guard into federal service. Trump probably acted within his authority, the panel said, adding that his administration probably complied with the requirement to coordinate with Governor Gavin Newsom, and even if it did not, he had no authority to veto Trump's directive. "And although we hold that the president likely has authority to federalize the National Guard, nothing in our decision addresses the nature of the activities in which the federalized National Guard may engage," it wrote in its opinion. Newsom could still challenge the use of the National Guard and U.S. Marines under other laws, including the bar on using troops in domestic law enforcement, it added. The governor could raise those issues at a court hearing on Friday in front of Breyer, it said. In a post on X after the decision, Newsom vowed to pursue his challenge. "The president is not a king and is not above the law," he said. "We will press forward with our challenge to President Trump's authoritarian use of U.s. military soldiers against our citizens." Trump hailed the decision in a post on Truth Social. "This is a great decision for our country and we will continue to protect and defend law-abiding Americans," he said. "This is much bigger than Gavin, because all over the United States, if our cities, and our people, need protection, we are the ones to give it to them should state and local police be unable, for whatever reason, to get the job done." Breyer's ruling was issued in a lawsuit against Trump's action brought by Newsom. Breyer ruled that Trump violated a U.S. law governing a president's ability to take control of a state's National Guard by failing to coordinate with the governor. It also found that the conditions set out under the statute to allow this move, such as a rebellion against federal authority, did not exist. Breyer ordered Trump to return control of California's National Guard to Newsom. Hours after Breyer acted, the 9th Circuit panel had put the judge's move on hold protests and turmoil in Los Angeles over Trump's immigration raids, the president on June 7 took control of California's National Guard and deployed 4,000 troops against Newsom's wishes. Trump also ordered 700 U.S. Marines to the city after sending in the National Guard. Breyer has not yet ruled on the legality of the Marine Corps mobilization. At a court hearing on Tuesday on whether to extend the pause on Breyer's decision, members of the 9th Circuit panel questioned lawyers for California and the Trump administration on what role, if any, courts should have in reviewing Trump's authority to deploy the troops. The law sets out three conditions by which a president can federalize state National Guard forces, including an invasion, a "rebellion or danger of a rebellion" against the government or a situation in which the U.S. government is unable with regular forces to execute the country's laws. The appeals court said the final condition had probably been met because protesters hurled items at immigration authorities' vehicles, used trash dumpster as battering rams, threw Molotov cocktails and vandalized property, frustrating law enforcement. The Justice Department has said once the president determines that an emergency exists that warrants the use of the National Guard, no court or state governor can review that decision. The appeals court rejected that argument. The protests in Los Angeles ran for more than a week before they ebbed, leading Los Angeles Mayor Karen Bass to lift a curfew she had imposed. In its June 9 lawsuit California said Trump's deployment of the National Guard and the Marines violated the state's sovereignty and U.S. laws that forbid federal troops from participating in civilian law enforcement. The Trump administration has denied that troops are engaging in law enforcement, saying they are instead protecting federal buildings and personnel, including U.S. Immigration and Customs Enforcement officers. The 9th Circuit panel is comprised of two judges appointed by Trump during his first term and one appointee of Democratic former President Joe Biden. REUTERS Join ST's Telegram channel and get the latest breaking news delivered to you.
Business Times
18 minutes ago
- Business Times
China's warning on blind-box toys sends Pop Mart shares tumbling
POP Mart International Group shares slid in Hong Kong after a Chinese state media commentary called for stricter regulation of businesses offering 'blind cards' and 'mystery boxes'. Shares of the Beijing-based toymaker dropped as much as 6.2 per cent, after having tumbled 5.3 per cent on Thursday; shares in Bloks Group, which sells similar products, fell as much as 7.1 per cent. People's Daily, the flagship newspaper of the Chinese Communist Party, citing legal experts, said in a commentary that Beijing ought to further refine regulations for 'blind cards' and 'mystery boxes', given that these current business models encourage minors to become addicted to purchasing these products. 'The commentary has weighed on investor sentiment, flashing some overheating signs in its business,' said Steven Leung, an executive director at UOB Kay Hian Hong Kong. 'Still, it's a mild reminder as it didn't come directly from a government official.' Even with the slump this week, Pop Mart has still gained about 170 per cent this year, making it the best performer in the MSCI China Index, as consumer fervour for its toys has turned it into one of the hottest Chinese growth companies. Wall Street analysts have been increasing their price targets for the company, citing the growing influence of its intellectual properties. In China, the government prohibits sales of blind boxes to children under eight due to concern over potential addiction. Before the authorities imposed such guidelines in 2023, regulatory risk was a key concern among investors. BLOOMBERG
Straits Times
an hour ago
- Straits Times
Juneteenth holiday goes uncelebrated at White House as Trump complains about too many holidays
Juneteenth, the holiday that marks the end of slavery in the US, went unmarked by President Donald Trump in 2025. FILE PHOTO: REUTERS Juneteenth holiday goes uncelebrated at White House as Trump complains about too many holidays Juneteenth, the holiday that marks the end of slavery in the United States, has been celebrated at the White House each June 19 since it was enshrined into law four years ago. But on June 19 , it went unmarked by the president – except for a post on social media in which he said he would get rid of some 'non-working holidays'. 'Soon we'll end up having a holiday for every once working day of the year,' Mr Trump said in mangled syntax, not mentioning Juneteenth by name nor acknowledging tha t June 19 was a federal holiday. 'It must change if we are going to, MAKE AMERICA GREAT AGAIN!' Ms Karoline Leavitt, the White House press secretary, indicated to reporters earlier in the day that she was not aware of any plans by Mr Trump to sign a holiday proclamation. In the past week alone, he'd issued proclamations commemorating Father's Day, Flag Day and National Flag Week, and the 250th anniversary of the Battle of Bunker Hill – none of which are among the 11 federal holidays. In response to a reporter's question about Juneteenth, Ms Leavitt acknowledged that June 19 was 'a federal holiday,' but noted that White House staff had shown up to work during a briefing that focused primarily on the matter of whether Mr Trump would order strikes on Iran. Mr Trump, who has often used holidays as an occasion to advance his political causes and insult critics and opponents on social media, chose the occasion of Juneteenth instead to float the idea of reducing the number of federal holidays, claiming that they are costing businesses billions of dollars. While most federal employees get those holidays off, private businesses have the choice to close or remain open. Juneteenth commemorates June 19, 1865, the day when a Union general arrived in Galveston, Texas, nearly 2½ years after President Abraham Lincoln signed the Emancipation Proclamation, to finally inform enslaved African Americans there that the Civil War had ended and that all enslaved people had been freed. Months later, the 13th Amendment was ratified, abolishing slavery in the final four border states that had not been subjected to Mr Lincoln's order. It is the newest federal holiday, enshrined into law in 2021 by Congress and then-President Joe Biden. Mr Trump cannot undo it without an act of Congress. The lack of revelry at the White House for a holiday that has been cherished by generations of Black Americans was perhaps not a surprise. Since returning to office, Mr Trump has moved to purge the federal government of diversity, equity and inclusion initiatives and sanitise - or even erase - references to Black history. Even so, the decision not to mark the holiday was an abrupt reversal from his last term, when Mr Trump issued statements on Juneteenth for three years, before it was ever a federal holiday. 'Melania and I send our warmest greetings to all those celebrating Juneteenth, a historic day recognising the end of slavery,' he wrote in 2017, extolling Major General Gordon Granger's announcement in Galveston that all slaves were free. In 2018 he invoked Mr Granger again, and praised 'the courage and sacrifice of the nearly 200,000 former enslaved and free African Americans who fought for liberty'. But Mr Trump's second term has been marked by a widespread effort to slash funding for diversity initiatives, prompting backlash from states, schools and the corporate world. Some cities and institutions that have had their funding cut reported that their Juneteenth celebrations would be smaller this year. Mr Trump's critics dug in sharply, using Juneteenth to call attention to what they called the administration's attempts to bury Black history. Representative Hakeem Jeffries of New York, the Democratic leader, accused the White House and Mr Trump's allies of engaging in 'an intentional effort to turn back the clock' and divide the country by banning books about Black history, dismantling DEI programs and undermining the citizenship protections of the 14th Amendment. 'Today, we celebrate the freedom that Black Americans long fought for and the rich culture that grew from that great struggle,' Mr Jeffries, the first Black leader of a party in either chamber of Congress, said in a statement. 'That struggle roars on.' The holiday also came as Mr Trump marked a new low in his relationship with the NAACP, the oldest and largest US civil rights organisation, which said this week that it would not invite Mr Trump to its national convention, breaking from a 116-year tradition of inviting the president to its marquee event. Mr Biden established Juneteenth as a federal holiday in 2021, after interest in the history of the day was renewed during the summer of 2020 and the nationwide protests that followed the police killings of Black Americans including Mr George Floyd and Ms Breonna Taylor. During his presidency, Mr Biden held a concert on the South Lawn of the White House to commemorate the holiday and gave remarks. On t he evening of Ju ne 19, Mr Biden attended a Juneteenth celebration at Reedy Chapel African Methodist Episcopal Church in Galveston, sitting at the head of the church next to local leaders. He was honoured for signing the federal holiday into law and praised for his appointment of Ms Ketanji Brown Jackson, the first Black woman to serve on the Supreme Court. Speakers did not name Mr Trump, but criticised his administration's policies, especially on diversity. 'Black history is American history,' Mr Biden told the crowd to cheers, according to a livestream of his remarks. Mr Biden also took to task those who thought Juneteenth should not be a federal holiday. 'Some say to you and to me that this doesn't deserve to be a federal holiday,' Mr Biden said. 'They don't want to remember what we all remember – the moral stain, the moral stain of slavery.' NYTIMES Join ST's Telegram channel and get the latest breaking news delivered to you.
