
China-Russia trust erodes as Beijing's hackers go rogue, launch cyberattacks to steal Ukraine war secrets
China hackers target Russia despite alliance, seeking war secrets and battlefield data
China hackers targeting Russia have raised serious concerns as multiple cyberattacks linked to Chinese state-sponsored groups have reportedly breached Russian military and defense systems since the Ukraine war began. Despite public declarations of friendship between Moscow and Beijing, cyber analysts say the Chinese government has been actively spying on Russian technologies, including nuclear submarines, drone systems, and battlefield tactics. The breach highlights a growing undercurrent of distrust and strategic intelligence gathering even among so-called allies.
Cyber groups tied to Beijing—like APT27 and APT31—are believed to be behind these stealthy operations, using phishing emails and malware to infiltrate sensitive Russian networks.
Why are China hackers targeting Russia amid growing friendship?
Despite a publicly strong relationship between China and Russia, cybersecurity experts say China hackers have been quietly breaching Russian systems since May 2022 — just months after Russia launched its full-scale invasion of Ukraine. These hacking attempts have continued steadily, with Chinese-linked groups digging into Russia's defense and military data.
According to cybersecurity researchers from TeamT5, one group named Sanyo impersonated a Russian engineering firm's email to seek data on nuclear submarines. The intention behind these cyber intrusions appears to be collecting information about Russia's battlefield operations, modern warfare tactics, and Western weapon technologies seen in Ukraine.
Che Chang, a TeamT5 researcher, stated, 'China likely seeks to gather intelligence on Russia's military operations, defense progress, and geopolitical strategies.' This information could help China boost its own military readiness for future conflicts — particularly in regions like Taiwan, which remains a hotbed of geopolitical tension.
What exactly did China's hackers target in Russia?
According to cybersecurity researchers at SentinelLabs and Recorded Future, Chinese Advanced Persistent Threat (APT) groups, including APT27 (Emissary Panda) and APT31 (Zirconium), have been aggressively targeting:
Russian military contractors
Government departments involved in defense R&D
Email servers and document archives linked to Ukraine war planning
The hackers reportedly used spear-phishing campaigns, spoofing Russian Ministry of Health notices to plant malware into classified internal systems.
One malware strain, called PlugX, known for remote access and data exfiltration, was flagged in these Russian environments—previously used by China in espionage campaigns across Southeast Asia and the Middle East.
What kind of information are Chinese hackers after in Russia?
The China hackers targeting Russia campaign has been aimed at extracting sensitive military intelligence, especially battlefield-tested insights. Russian defense firms, including Rostec, were among the major targets. Cyber experts from Palo Alto Networks revealed that Chinese hacking groups have sought data on radar systems, satellite communications, drone warfare, and electronic warfare technology.
Another method used by these hackers involved Microsoft Word-based malware files, which exploited software vulnerabilities to breach aviation and defense sectors. One particularly dangerous tool spotted in these attacks was Deed RAT, malware considered 'proprietary' among Chinese state-sponsored groups. According to Russian cybersecurity firm Positive Technologies, this malware has been used to attack Russian aerospace, security, and military sectors.
Though Russian authorities have not officially acknowledged these attacks, a leaked classified document from Russia's FSB — the domestic security agency — described China as an 'enemy,' confirming internal concerns about Chinese espionage.
While China and Russia continue to cooperate publicly, including military drills and joint diplomatic efforts, cyber experts say Beijing has long pursued a "friend-but-watcher" strategy. This means China often spies on both allies and adversaries to:
Gauge battlefield conditions in Ukraine
Evaluate Russia's military capabilities and vulnerabilities
Shape its own geopolitical strategies, including Taiwan preparations
According to Recorded Future, China increased cyber-espionage targeting Russia by 87% since early 2023, focusing particularly on regions near Ukraine and Crimea.
Who are the major Chinese hacking groups involved?
Several well-known Chinese hacking groups have been identified by cybersecurity teams as being behind these operations.
Mustang Panda, one of China's most active state-backed cyber espionage groups, expanded its activities after the war in Ukraine began. TeamT5 and Sophos researchers found that Mustang Panda targeted Russian government agencies and military officials — particularly near the China-Russia Siberian border.
According to Rafe Pilling from Sophos, the group's operations often follow China's political or economic interests. 'Wherever China invests — whether West Africa, Southeast Asia, or Russia — Mustang Panda follows with targeted hacking,' said Pilling. He and U.S. intelligence sources believe Mustang Panda operates under the Chinese Ministry of State Security.
The group even drew attention from American law enforcement. In January, the U.S. Justice Department indicted individuals tied to Mustang Panda for infecting thousands of systems worldwide, including government networks and devices used by Chinese dissidents.
Another Chinese hacking group, Slime19, has been consistently attacking Russia's energy, government, and defense infrastructure, according to TeamT5's Chang.
Has China broken its cybersecurity pact with Russia?
In 2009 and 2015, China and Russia publicly agreed not to hack each other's systems. However, analysts have long viewed those agreements as symbolic, lacking enforcement or trust. The evidence emerging since Russia's invasion of Ukraine proves that those deals hold little practical weight.
The FSB document accessed by The New York Times shows that Russian intelligence views China's digital espionage as a serious threat. China, while outwardly cooperative with Russia in forums and bilateral trade, appears unwilling to rely on Moscow for open sharing of battlefield learnings. Instead, cyber intrusions have become the preferred route for collecting war data.
'The war in Ukraine shifted the priorities of both countries,' said Itay Cohen from Palo Alto Networks. 'Even though the public narrative was one of close ties, in reality, espionage increased.'
How is Russia reacting to these cyber intrusions?
Thus far, the Kremlin has not officially condemned China, possibly to avoid diplomatic fallout. However, anonymous Russian cybersecurity sources have told investigative outlet iStories that internal firewalls have been tightened and communications protocols are under review.
The Federal Security Service (FSB) reportedly issued an internal memo warning of 'unusual East Asian-origin threats' in mid-2024. Still, no public attribution has been made.
This silence may signal Russia's reluctance to publicly challenge China at a time when it faces intense pressure from NATO and the West.
What does this mean for future China-Russia relations?
While China remains one of Russia's most crucial trade partners — especially with the West largely isolating Moscow — the depth of China hackers targeting Russia reveals a fragile foundation beneath this alliance. The relationship, often described by Presidents Xi and Putin as a 'no-limits' partnership, is evidently full of limits when it comes to trust.
China's hunger for military intelligence, especially regarding real-time warfare experience, is pushing it to take bold steps. For China, Russia's war offers a rare, real-world military case study that it can't afford to ignore — especially with tensions rising in the Taiwan Strait.
Cyber intrusions are likely to continue, if not grow. As Russian officials stay silent and Chinese hackers grow more sophisticated, the digital battlefield between these two "allies" is already active — and evolving quickly.
FAQs:
Q1: Why are China hackers targeting Russia during the Ukraine war?
To secretly collect Russian military intelligence and battlefield data.
Q2: Who is Mustang Panda in the China hacking campaign?
Mustang Panda is a top Chinese state-backed hacking group targeting Russia.

Related Articles


Time of India
40 minutes ago
- Time of India
'Who are you?' Mysterious AI voices answer calls of Iranians; diaspora feels 'helpless' as communication with family disrupted
Iran after it was reportedly struck by an Israeli airstrike (Image credits: AP)
As tensions escalate between Iran and Israel, Iranians living abroad are encountering an unsettling new challenge, robotic voices answering their calls home. Since Israel launched airstrikes on Iran a week ago, targeting nuclear and military sites, communication with loved ones inside the country has become nearly impossible, reported news agency AP. The Iranian government has imposed a widespread internet and phone blackout, leaving families abroad desperate for any news. Ellie, a 44-year-old British-Iranian woman, was shocked when she tried to call her mother in Tehran. Instead of hearing her mother's voice, a robotic female voice responded in broken English: 'Who you want to speak with? I'm Alyssia. Do you remember me? I think I don't know who are you,' as cited by AP. The same experience has been reported by eight other Iranians in the UK and US. 'Calling your mom and expecting to hear her voice and hearing an AI voice is one of the scariest things I've ever experienced,' said a woman in New York. The robotic messages range from eerie to oddly comforting. One caller heard a voice calmly saying: 'Life is full of unexpected surprises, and these surprises can sometimes bring joy while at other times they challenge us.' Another message told callers to imagine peaceful places like forests or seashores, even as their families remain unreachable in a country under attack. Iranian cybersecurity experts suggest these diversions could be a government tactic to prevent hacking or spread confusion. In the early days of the conflict, mass voice and text messages were sent to Iranian phones warning citizens to prepare for emergencies.
The ministry of information and communications technology oversees Iran's phone systems, and the country's intelligence services are believed to monitor conversations. One expert said it would be difficult for anyone but the government to implement such a large-scale voice diversion system. However, some experts also speculate that Israel could be behind it, referencing similar tactics used in past military operations in Lebanon and Gaza. For many Iranians abroad, these strange voices are not calming, they're haunting reminders of how disconnected they are from their families during a time of crisis. 'The only feeling it gives me,' said a woman in the UK, 'is helplessness.' Elon Musk announced that his satellite internet service, Starlink, has been activated in Iran, where a limited number of people are believed to be using it despite its illegal status. Authorities have been urging citizens to report neighbors possessing the devices amid an ongoing crackdown on suspected espionage. Some Iranians also rely on illegal satellite dishes to access international news.


Time of India
44 minutes ago
- Time of India
Will divert water flowing to Pakistan to Rajasthan by constructing a canal: Amit Shah on Indus Waters Treaty
Union Home Minister Amit Shah while speaking on Indus Waters Treaty has said that India will be diverting the flow of water from Pakistan to Rajasthan through a canal. "We will take water that was flowing to Pakistan to Rajasthan by constructing a canal. Pakistan will be starved of water that it has been getting unjustifiably," Shah said in an exclusive interview with Times of India. India put into "abeyance" its participation in the 1960 treaty, which governs the usage of the Indus river system, after 26 civilians in Kashmir's Pahalgam were killed. The treaty had guaranteed water access for 80% of Pakistan's farms through three rivers originating in India.
India starts working on canal
India has started working towards a larger inter-basin water transfer plan to fully utilise its share of Indus river waters. According to a report by The Times of India, a feasibility study is underway for a 113-km canal that would divert surplus flows from Jammu & Kashmir to Punjab, Haryana, and Rajasthan. This canal will link the Chenab with the Ravi-Beas-Sutlej system. The project aims to optimise India's share under the Indus Waters Treaty by ensuring better use of both eastern (Ravi, Beas, Sutlej) and western (Indus, Jhelum, Chenab) rivers, curbing excess flows into Pakistan. Sources told ToI that the proposed canal network will tie into 13 existing canal structures across J&K, Punjab, Haryana, and Rajasthan, eventually feeding into the Indira Gandhi canal system. To facilitate this, the Centre is also considering doubling the length of the Ranbir canal from 60 km to 120 km, and fully utilising the Pratap canal, based on feasibility assessments. The Ujh multipurpose project in Kathua district—pending for years—is also being revived.
A second Ravi-Beas link below Ujh, planned earlier to stop excess Ravi water from entering Pakistan, will now be part of the larger canal initiative. It would involve a barrage and tunnel to transfer water to the Beas basin. The Ujh is a tributary of the Ravi. These initiatives add to ongoing short-term measures such as desilting reservoirs at Baglihar and Salal hydro projects on the Chenab. India is also speeding up work on several hydroelectric plants — Pakal Dul (1,000 MW), Ratle (850 MW), Kiru (624 MW), and Kwar (540 MW) — to better utilise its Indus system share, ToI reported. Recently, Prime Minister Shehbaz Sharif on Friday reaffirmed Pakistan's willingness to talk with India on all outstanding issues, including Jammu and Kashmir, the Indus Water Treaty, trade and counter-terrorism. However, India has made it clear that it will only have a dialogue with Pakistan on the return of Pakistan-occupied Kashmir and the issue of terrorism.


Time of India
an hour ago
- Time of India
Amid password breach, how can you check if your data is leaked? Learn here
In one of the largest data breaches in recent history, a staggering 16 billion passwords have been leaked online, raising urgent concerns about digital security across the globe. The leak, believed to be a compilation of credentials from multiple past and ongoing breaches, is being dubbed the 'mother of all breaches' by cybersecurity experts. If you're worried your information might be part of the leak, you can check by entering your email ID at HaveIBeenPwned. This trusted site will show whether your credentials have been compromised in any known data breaches.
What to do if your data is exposed?
If your data has been exposed, change your passwords immediately. Make sure your new passwords are strong, unique, and not similar to ones you've used before. Also, avoid using the same password across multiple platforms. Using different passwords for different accounts adds an extra layer of security and can help limit the damage in case of future breaches.