June 15, 2022by Naomi Yusupov

The Chinese-Russian Cybercrime Threat Intelligence Report

Are Chinese and Russian hackers joining forces to attack computer systems and networks in other countries? A newly formed Russian-Chinese ransomware-forum alliance – and the organizer’s call to action against the U.S. – has some cyber specialists alarmed about the threats such a collaboration might pose to the rest of the world.

To discern the nature and extent of the Chinese-Russian cyber threat, it’s critical to understand the motivations and mindsets of the cybercriminals operating in both nations. In fact, the goals and rationales in one country could hardly be more different from those in the other.

Our threat intelligence report, "The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities,” explores these differences in depth, and is required reading for anyone wanting to understand what’s really going on in these countries’ cybercriminal undergrounds.

You + me against the world

As Chinese President Xi Jinping and Russian President Vladimir Putin jointly proclaimed their “friendship without limits” last February, something more sinister was taking place underground.

The previous fall, cybercriminals from both countries had begun to team up as a popular Russian ransomware forum added Mandarin and English accessibility to the Russian-speaking forum and encouraged some 30 Chinese hackers to join the platform, which they did.

The implications of this alliance have raised red flags among cybersecurity researchers, who fear that Chinese-Russian cybercriminal collaboration could indicate imminent joint attacks against U.S. targets. Indeed, the forum's operator has publicly called for ransomware attacks against U.S. organizations.

But should we really be alarmed? The answer will elude anyone without insights into the Russian and Chinese cultures as well as the modus operandi, motives, dependencies and characteristics of each country’s hacker community. Each group has its own obstacles — laws, prohibitions, and penalties — to navigate, as well. We’ve explored these differences in depth. To learn more, read on, or download the full report.

‘Deep’ doesn’t always mean ‘dark’

Russian and Chinese threat actors alike are particularly active and notorious on the deep and dark webs, the shadowy digital lairs where cybercriminals meet. Hidden beneath layers of encryption and anonymity, these threat actors discuss, plan, conspire, and share tools, tactics, and targets for their malicious endeavors using secret forums, markets, messaging platforms, and paste sites. Divided, these groups are worrisome enough; united, they could be fearsome. So — how worried should the rest of the world be?

To find the answer, let’s first examine the deep and dark webs. A bounty of illicit action takes place in these private spaces which, although often conflated, are not the same.

We all use the deep web. It comprises internet content not indexed by search engines – think corporate networks, university libraries, or your own text messages and bank accounts.

To access the dark web, a subset of the deep web, a user needs a web browser such as Tor or Freenet that scrambles location and hides identity. This is where threat actors collaborate, shrouded in anonymity, and where they buy and sell illicit tools and resources such as malware and stolen information.

Together these private spaces contain a hubbub of activity. Cybercrime alone was estimated to generate $6 trillion USD in 2021, exceeding revenues in Japan, the world’s third-largest economy. How could all this action go undetected? The fact is that most – but not all – threat intelligence platforms are unable to penetrate the deep and dark webs.

Spy vs. Spy

Although cybercriminals in Russia and China are among the most active and engaged on the deep and dark webs, they haven’t tended to work together in the past. One reason why: their ways of thinking and operating could hardly be more different.

Russian cybercriminals – ruthless and highly advanced – pursue money above all else. Their targets tend to be financial and their tools developed to maximize their profit. In Russia’s struggling economy, cybercrime can offer a leg up to a populace that’s, for the most part, wildly underpaid.

A sense of community and national pride inspire Chinese hackers, on the other hand. These cyber threat actors work to establish a powerful and sophisticated Chinese hacking collective within the global arena.

With such different motivations, how well will these two disparate groups work together?

Trouble times two

Writing off the Chinese-Russian partnership in light of their differences would almost certainly be a mistake. Each of their motivations — money and nationalism – provides powerful incentives to succeed. And surely the hacker communities in both countries recognize that the power of two is exponentially greater than that of one.

And if their differences pose obstacles to teamwork? Threat actors in each country are well accustomed to challenges, as their authoritarian leaders throw up barrier after barrier to their success – obstacles our report discusses in detail.

The fact that, in each country, cybercriminals carry on in often surprising ways, speaks volumes about their cunning, daring, and commitment to their goals. They will not be daunted, which makes watching their activity on the deep and dark webs all the more critical.

Peering into the dark

If preparation is the key to success, education is the first step toward protecting your business against the Chinese-Russian cybercriminal threat. Read our report to understand what has already happened, what it means, and what might happen next.

Then, to stay apprised of developments as they unfold, monitor the deep and dark webs using an automated threat intelligence solution that alerts you to underground as well as clear-web activity that could threaten your organization. Education plus information is the one-two punch that gives any enterprise a proactive edge in the fight against cybercrime, wherever it’s occurring.

Download Report

You may also like

February 21, 2023

How Telegram became the battlefront of the Russia-Ukraine cyberwar

Read more

December 14, 2022

As Twitter users migrate to Mastodon, threat actors are taking notice

Read more

November 16, 2022

Tour of the Underground Internet

Read more