China unleashes hackers against its friend Russia, seeking war secrets

Advertisement
China is far wealthier than Russia and has plenty of homegrown scientific and military expertise, but Chinese military experts often lament that Chinese troops lack battlefield experience. Experts say that China sees the war in Ukraine as a chance to collect information about modern warfare tactics, Western weaponry, and what works against them.
'China likely seeks to gather intelligence on Russia's activities, including on its military operation in Ukraine, defense developments, and other geopolitical maneuvers,' said Che Chang, a researcher with TeamT5.
It is unclear how successful these attempts have been, partly because Russian officials have never publicly acknowledged these intrusions. But a classified counterintelligence document from Russia's domestic security agency, known as the FSB, makes clear that intelligence officials are concerned. The document, obtained by The New York Times, says that China is seeking Russian defense expertise and technology and is trying to learn from Russia's military experience in Ukraine. The document refers to China as an 'enemy.'
Advertisement
With Putin largely cut off from the West, his country has come to rely on China to buy its oil and sell it technology that is essential to its war effort. Moscow and Beijing have formed a bloc against Washington and its allies, alarming Western leaders. The FSB document presents a more complicated relationship than the 'no-limits' partnership that Xi and Putin describe.
Allies have been known to spy on one another, but the extent of China's hacking activities against Russia suggests both a higher level of mutual distrust and a reluctance by the Kremlin to share all that it is learning on the battlefield in Ukraine.
Drone warfare and software are of particular interest to China, the document says.
'The war in Ukraine fundamentally shifted intelligence priorities for both countries,' said Itay Cohen, a senior researcher with cybersecurity firm Palo Alto Networks who has followed Chinese hacking groups for years. Experts say, and the document indicates, that China wants to learn from Russia's war experience to bolster its own preparedness for potential future conflicts. Taiwan, in particular, is a major potential flashpoint with the West.
One Chinese government-funded group has targeted Rostec, the powerful Russian state-owned defense conglomerate, seeking information on satellite communications, radar and electronic warfare, according to Palo Alto Networks. Others have used malicious files, intended to exploit vulnerabilities in Microsoft Word, to penetrate Russian aviation industry targets and state bodies.
Advertisement
Messages seeking comment were left with the Kremlin and the Chinese Embassy in Moscow.
Not all Chinese hacking groups operate at the behest of the government. But security experts have seen evidence of government ties.
Russian cybersecurity firm Positive Technologies, for example, said in 2023 that cyberattacks had been mounted on several Russian targets, including in the aerospace, private security, and defense sectors. The attackers used a tool known as Deed RAT, which is widely deployed by Chinese state-sponsored hackers. Cybersecurity experts say Deed RAT is considered 'proprietary' among these groups and is not available for purchase on the dark web like other malware tools.
That has enabled state-backed hacking groups in China to use it more widely because it is tough for their adversaries to find a way to combat the malware.
Chinese state-sponsored hacking groups have often targeted international companies and government institutions, including in the United States and Europe. But hacking groups appear to have become more interested in Russian targets after the country's February 2022 invasion of Ukraine.
Chang said he and his colleagues tracked several Chinese hacking groups targeting Russia. Among them was one of the country's most active hacking groups, known as Mustang Panda.
Little is known about Mustang Panda's origins or where it operates inside China, according to researchers who have studied the group. Its activities often accompanied China's Belt and Road economic development initiative, according to Rafe Pilling, director of threat intelligence at security firm Sophos. As China invested in development projects in West Africa and Southeast Asia, he said, hacking soon followed.
That is most likely because China invests in countries where it has political and economic interests, which motivates state-sponsored hackers, Pilling said.
Advertisement
After Russia invaded Ukraine, TeamT5 said that Mustang Panda expanded its scope to target governmental organizations in Russia and the European Union.
Pilling, who has been monitoring Mustang Panda's activities for several years, says he suspects that the group is backed by China's Ministry of State Security, its main intelligence body. The ministry supports threat groups that attack targets around the world, he said. In 2022, Mustang Panda targeted Russian military officials and border guard units near the Siberian border with China.
'The targeting we've observed tends to be political and military intelligence-gathering,' Pilling said. That is true of all Chinese hacking groups targeting Russia, he said. 'I think of them as being one of the main tools that the Chinese state has for gathering political and economic intelligence.'
Mustang Panda has also attracted the attention of US authorities. In January, the Justice Department and the FBI said that Mustang Panda's malware had infected thousands of computer systems, seeking to steal information. Many of the targets were American, but the malware was also found on computers belonging to Chinese dissidents and European and Asian governments, according to a federal indictment.
The indictment makes clear that the United States believes that Mustang Panda is a state-sponsored group.
Other Chinese groups have targeted Russia, too. Chang said his team was following another threat group, Slime19, that is continuously targeting the Russian government, energy, and defense sectors.
In agreements in 2009 and 2015, China and Russia promised not to carry out cyberattacks targeting each other. But even at the time, analysts suggested that the announcement was largely symbolic.
Chinese hacking in Russia did not begin with the war in Ukraine. A 2021 cyberattack, for example, targeted Russian submarine designers. But experts say the war prompted a spike in computer intrusions.
Advertisement
'The activity — we saw it immediately in the months following Russia's full-scale invasion of Ukraine,' Cohen said. 'Even though the public narrative was of close ties between Russia and China.'
This article originally appeared in

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

40 minutes ago

Orbán's anti-Ukraine campaign targets political rival as Hungary's elections loom

BUDAPEST, Hungary -- As Hungary heads toward national elections next spring and the populist government's popularity slumps, Prime Minister Viktor Orbán has zeroed in on a central theme he hopes will sway voters: an alleged threat posed by neighboring Ukraine. While most European Union countries have offered political, financial, and military support to Kyiv since Russia's full-scale invasion in 2022, Hungary under Orbán has charted a starkly different course — refusing to supply Ukraine with weapons or allow their transit through Hungarian territory, demanding sanctions relief and rapprochement with Russia, and adopting a combative stance toward both Kyiv and its EU backers. With his ruling Fidesz party slipping in the polls and a new opposition force gaining momentum, Orbán has escalated a sweeping anti-Ukraine campaign — presenting the upcoming election as a referendum on peace or war. Going further, he has accused his leading political opponent of entering into a treasonous pact with Kyiv to overthrow his government and install a pro-Western, pro-Ukraine administration. Some of his ideas mirror the growing anti-Ukraine messaging coming from right-wing populists in the West, including from President Donald Trump. 'Let's be under no illusions: Brussels and Ukraine are jointly building up a puppet government (in Hungary),' Orbán said on June 6 in comments to state radio. 'They want to change Hungary's policy toward Ukraine after the next elections, or even sooner.' At the heart of Orbán's claims is Ukraine's ambition to join the EU, something Kyiv believes would place it firmly within the embrace of the West and provide a measure of security against potential Russian attacks in the future. While Orbán was a firm supporter of Ukraine's eventual EU accession shortly after Russia launched its full-scale invasion, he now argues that its membership — which will likely take many years — would flood Hungary with crime, cheap labor, and low-quality agricultural products, threatening national sovereignty and economic stability. He has also spuriously claimed that Brussels and Kyiv intend to force Hungarians to fight Russia on the front lines. On Monday, Orbán posted a video to his social media page depicting animated, artificial intelligence-generated scenes of bloodied, machine-gun wielding Hungarian soldiers engaged in armed conflict, and rows of caskets lined beneath Hungarian flags. 'We don't want our children, in the form of the Hungarian army, to be deployed to the Ukrainian front lines or to Ukrainian territory and to come back in coffins,' he said in the video. Central to Orbán's life-or-death narrative of the Hungarian election is his growing campaign against his main political rival, Péter Magyar, a former Fidesz insider whose new Tisza party has surged in popularity. Once married to Hungary's former justice minister, Magyar has become the most formidable challenger to Orbán's rule since the EU's longest-serving leader took office in 2010. With Tisza leading Fidesz in most independent polls, some analysts and domestic critics believe Orbán may be laying the groundwork to discredit or even disqualify Magyar ahead of the 2026 election. Péter Krekó, director of the Budapest-based Political Capital think tank, said Orbán's attempt to link Magyar and Tisza to the image of a dangerous Ukraine is aimed at neutralizing his domestic opposition as popular sentiment appears to be turning against him. 'There is an ongoing campaign against any critical voices in Hungary saying that they are agents of Ukraine, and this can be used also against the Tisza party," he told The Associated Press. "If you can't win back public opinion anymore, then you can try to use a more authoritarian toolkit.' Beyond political rhetoric, such accusations have reached the highest levels of diplomacy. In May, Ukraine's main security agency said that it had arrested two people on suspicion of spying for Hungary by gathering intelligence on Ukraine's military defenses in the west of the country. That set off a tit-for-tat series of diplomatic expulsions, and accusations from Hungary's government that the affair was part of a concerted Ukrainian campaign involving Magyar and his party to undermine Orbán. The prime minister accused Magyar and Tisza of being 'pro-Ukrainian' and supporting Ukraine's EU bid, and alleging that a prominent Tisza member, the former chief of staff of the Hungarian military, has 'deep ties with Ukrainian intelligence.' No evidence has been provided to support the claims, which Magyar has dismissed outright. 'It is outrageous and blood-boiling when a patriot who trained and prepared to be a soldier since the age of 14 and who took a military oath ... is accused of treason by people who would sell their country out,' Magyar told a news conference on June 5. To reinforce its message, the Hungarian government launched a state-funded communication blitz in March, accompanied by a non-binding 'national consultation' on Ukraine's EU membership. Billboards, television ads, and social media posts have flooded the country, portraying Ukrainian President Volodymyr Zelenskyy and European Commission President Ursula von der Leyen as the architects of a plot to undermine, or even destroy Hungary. 'They would bring Ukraine into the EU, but we would pay the price!' reads one poster. 'Let's vote no!' Ukrainian officials have been restrained in reacting to the Hungarian campaign. But in an interview published last week in Hungarian outlet Válasz Online, Zelenskyy criticized the government's use of his face as part of its media barrage, and accused Orbán of being "anti-Ukrainian and anti-European." 'He is using this in his domestic policy: he wants to turn the war in Ukraine to his own advantage in the elections. That is dishonest,' Zelenskyy said. In a post on X on Tuesday, Ukraine's foreign ministry also pushed back on Hungary's accusations. 'The Hungarian government's communication line, which demonizes Ukraine and President Zelenskyy, has gone off the rails,' the ministry's spokesman, Heorhii Tykhyi, wrote. 'We don't see Hungary demanding that Russia accept a ceasefire ... They remain silent when principled action is needed and make baseless accusations when diplomacy is required.'

Newsweek

41 minutes ago

• Newsweek

US's NATO and Pacific Allies Sail Warships Near China's Coast

Based on facts, either observed and verified firsthand by the reporter, or reported and verified from knowledgeable sources. Newsweek AI is in beta. Translations may contain inaccuracies—please refer to the original content. The United Kingdom and Japan—United States allies in NATO and the Pacific respectively—have sent naval ships through the Taiwan Strait, which China has long claimed sovereignty over. Regarding the passage of the British patrol vessel HMS Spey on Wednesday, the Chinese military described it as "undermining peace and stability" across the 110-mile-wide waterway. Newsweek has emailed the Chinese and Japanese defense ministries for further comment. Why It Matters Communist China has declared its "sovereignty, sovereign rights, and jurisdiction" over the Taiwan Strait, which separates its territory from Taiwan and connects two contested seas—the East China Sea and the South China Sea—making it a strategic waterway. Despite never having ruled Taiwan—a security partner of the U.S.—the Communist regime in Beijing has long claimed the self-governed, democratic island as one of its provinces. Xi Jinping, leader of China, has vowed to use force to achieve "reunification," if necessary. As military tensions between China and Taiwan have grown in recent years, the U.S. and its allies and partners have frequently conducted naval and aerial passages through the Taiwan Strait, asserting freedoms of navigation and overflight in accordance with international law. What To Know The Spey—a Royal Navy vessel deployed to the Indo-Pacific region—navigated the Taiwan Strait, according to Taiwanese media citing the British Office in Taipei. Prior to the transit, the ship conducted joint patrols in the East China Sea with the U.S. Coast Guard. The British Office stated that the passage was conducted in accordance with the rights granted under the United Nations Convention on the Law of the Sea. Taiwan's Foreign Ministry said the transit reaffirmed the strait's status as what it calls "international waters." The Royal Navy patrol vessel HMS Spey is moored pier side during a scheduled port visit at Sasebo naval base in Japan on June 5, 2025. The Royal Navy patrol vessel HMS Spey is moored pier side during a scheduled port visit at Sasebo naval base in Japan on June 5, 2025. Mass Communication Specialist 1st Class Kristen Yarber/U.S. Navy The Chinese military's Eastern Theater Command, which oversees military affairs related to Taiwan, confirmed the Spey's transit in a statement on Friday. It claimed its units tracked and monitored the ship in the Taiwan Strait, handling the situation "effectively." This was not the first time a British warship has sailed through the Taiwan Strait. In September 2021, the frigate HMS Richmond—deployed to the western Pacific with an aircraft carrier group—transited the waterway en route to Vietnam after operating in the East China Sea. Meanwhile, Japanese destroyer JS Takanami passed southward through the Taiwan Strait on June 12, Japanese media reported on Thursday, citing unspecified "diplomatic sources." The transit, which was tracked and monitored by the Chinese military, lasted over 10 hours, according to the report. The Japanese warship entered the strait from the East China Sea and proceeded to the Philippines, where it conducted a drill in the South China Sea on June 14. A Philippine naval helicopter hovers above the Japanese destroyer JS Takanami during a joint maritime exercise held in the South China Sea on June 14, 2025. A Philippine naval helicopter hovers above the Japanese destroyer JS Takanami during a joint maritime exercise held in the South China Sea on June 14, 2025. Kyodo via AP Images While the Japanese government does not officially acknowledge naval transits through the Taiwan Strait, the June 12 transit marked the third known passage by Japan's navy. The previous two occurred in September last year and February this year, the report added. What People Are Saying The British Office in Taipei told Taiwanese media on Thursday: "Wherever the Royal Navy operates, it does so in full compliance with international law and exercises its right to freedom of navigation and overflight provided by [United Nations Convention on the Law of the Sea]." The Taiwanese Foreign Ministry said in a statement on Thursday: "The Ministry of Foreign Affairs encourages like-minded countries such as the United Kingdom to jointly defend peace and stability in the Taiwan Strait, promote a free and open Indo-Pacific, and maintain a rules-based international order." Senior Captain Liu Runke, navy spokesperson for the Chinese People's Liberation Army (PLA) Eastern Theater Command, said in a statement on Friday: "The troops of the PLA Eastern Theater Command will remain on high alert at all times and resolutely counter all threats and provocations." What Happens Next It remains to be seen whether other U.S. allies and partners—both within and beyond the Pacific—will deploy warships to the Taiwan Strait, as China continues to maintain a persistent military presence around Taiwan.

UPI

41 minutes ago

• UPI

On This Day, June 20: Arctic Circle reaches record-setting 100 degrees

1 of 5 | On June 20, 2020, the town of Verkhoyansk, Russia, reached a temperature of 100.4 degrees Fahrenheit, the highest temperature ever recorded in the Arctic Circle. File Photo by Anatoli Zhdanov/UPI | License Photo On this date in history: In 1893, a jury in Fall River, Mass., acquitted Lizzie Borden in the ax murders of her father and stepmother. In 1898, the U.S. Navy seized Guam, the largest of the Mariana Islands in the Pacific, during the Spanish-American War. The people of Guam were granted U.S. citizenship in 1950. In 1900, in response to widespread foreign encroachment upon China's national affairs, Chinese nationalists launched the so-called Boxer Rebellion in Beijing. In 1945, Secretary of State Edward Stettinius, Jr. approved the resettlement of Wernher von Braun and his team of Nazi rocket scientists to the United States. Von Braun would go on to lead the U.S. space program. File Photo courtesy of NASA In 1963, the United States and Soviet Union agreed to establish a hot line communications link between Washington and Moscow. In 1967, the American Independent Party was formed to back George Wallace of Alabama for president. In 1977, oil began to flow through the $7.7 billion, 789-mile Trans-Alaska Pipeline. In 1988, armed forces commander Lt. Gen. Henri Namphy declared himself leader of Haiti in a military coup overthrowing President Leslie Manigat. In 1991, the German Parliament voted to move its capital from Bonn to Berlin. In 2004, Pakistan and India reached agreement on banning nuclear testing. In 2009, insurgents, striking in a series of attacks as U.S. troops pulled out of Iraq as planned, set off a truck bomb near a Shiite mosque in northern Iraq, killing 82 people and injuring 250. In 2010, Juan Manuel Santos easily defeated former Bogota Mayor Antanas Mockus to become Colombia's president. File Photo by Kevin Dietsch/UPI In 2020, the town of Verkhoyansk, Russia, reached a temperature of 100.4 degrees Fahrenheit, the highest temperature ever recorded in the Arctic Circle. In 2023, Romanian authorities charged self-styled lifestyle coach and social media personality Andrew Tate and his brother, Tristan Tate, with rape and human trafficking. As of 2025, the brothers were expected to stand trial on the charges. File Photo by Robert Ghement/EPA-EFE