Latest news with #APT31

China-Russia trust erodes as Beijing's hackers go rogue, launch cyberattacks to steal Ukraine war secrets

Time of India

a day ago

  • Politics

China hackers target Russia despite alliance, seeking war secrets and battlefield data

China hackers targeting Russia have raised serious concerns as multiple cyberattacks linked to Chinese state-sponsored groups have reportedly breached Russian military and defense systems since the Ukraine war began. Despite public declarations of friendship between Moscow and Beijing, cyber analysts say the Chinese government has been actively spying on Russian technologies, including nuclear submarines, drone systems, and battlefield tactics. The breach highlights a growing undercurrent of distrust and strategic intelligence gathering even among so-called allies. Cyber groups tied to Beijing—like APT27 and APT31—are believed to be behind these stealthy operations, using phishing emails and malware to infiltrate sensitive Russian networks.

Why are China hackers targeting Russia amid growing friendship?

Despite a publicly strong relationship between China and Russia, cybersecurity experts say China hackers have been quietly breaching Russian systems since May 2022 — just months after Russia launched its full-scale invasion of Ukraine. These hacking attempts have continued steadily, with Chinese-linked groups digging into Russia's defense and military data.

According to cybersecurity researchers from TeamT5, one group named Sanyo impersonated a Russian engineering firm's email to seek data on nuclear submarines. The intention behind these cyber intrusions appears to be collecting information about Russia's battlefield operations, modern warfare tactics, and Western weapon technologies seen in Ukraine. Che Chang, a TeamT5 researcher, stated, 'China likely seeks to gather intelligence on Russia's military operations, defense progress, and geopolitical strategies.'
This information could help China boost its own military readiness for future conflicts — particularly in regions like Taiwan, which remains a hotbed of geopolitical tension.

What exactly did China's hackers target in Russia?

According to cybersecurity researchers at SentinelLabs and Recorded Future, Chinese Advanced Persistent Threat (APT) groups, including APT27 (Emissary Panda) and APT31 (Zirconium), have been aggressively targeting:

  • Russian military contractors
  • Government departments involved in defense R&D
  • Email servers and document archives linked to Ukraine war planning

The hackers reportedly used spear-phishing campaigns, spoofing Russian Ministry of Health notices to plant malware into classified internal systems. One malware strain, called PlugX, known for remote access and data exfiltration, was flagged in these Russian environments—previously used by China in espionage campaigns across Southeast Asia and the Middle East.

What kind of information are Chinese hackers after in Russia?

The campaign by China hackers targeting Russia has been aimed at extracting sensitive military intelligence, especially battlefield-tested insights. Russian defense firms, including Rostec, were among the major targets. Cyber experts from Palo Alto Networks revealed that Chinese hacking groups have sought data on radar systems, satellite communications, drone warfare, and electronic warfare technology. Another method used by these hackers involved Microsoft Word-based malware files, which exploited software vulnerabilities to breach aviation and defense sectors.

One particularly dangerous tool spotted in these attacks was Deed RAT, malware considered 'proprietary' among Chinese state-sponsored groups. According to Russian cybersecurity firm Positive Technologies, this malware has been used to attack Russian aerospace, security, and military sectors.
Though Russian authorities have not officially acknowledged these attacks, a leaked classified document from Russia's FSB — the domestic security agency — described China as an 'enemy,' confirming internal concerns about Chinese espionage.

While China and Russia continue to cooperate publicly, including military drills and joint diplomatic efforts, cyber experts say Beijing has long pursued a "friend-but-watcher" strategy. This means China often spies on both allies and adversaries to:

  • Gauge battlefield conditions in Ukraine
  • Evaluate Russia's military capabilities and vulnerabilities
  • Shape its own geopolitical strategies, including Taiwan preparations

According to Recorded Future, China has increased cyber-espionage targeting Russia by 87% since early 2023, focusing particularly on regions near Ukraine and Crimea.

Who are the major Chinese hacking groups involved?

Several well-known Chinese hacking groups have been identified by cybersecurity teams as being behind these operations. Mustang Panda, one of China's most active state-backed cyber espionage groups, expanded its activities after the war in Ukraine began. TeamT5 and Sophos researchers found that Mustang Panda targeted Russian government agencies and military officials — particularly near the China-Russia Siberian border.

According to Rafe Pilling from Sophos, the group's operations often follow China's political or economic interests. 'Wherever China invests — whether West Africa, Southeast Asia, or Russia — Mustang Panda follows with targeted hacking,' said Pilling. He and U.S. intelligence sources believe Mustang Panda operates under the Chinese Ministry of State Security.

The group even drew attention from American law enforcement. In January, the U.S. Justice Department indicted individuals tied to Mustang Panda for infecting thousands of systems worldwide, including government networks and devices used by Chinese dissidents.
Another Chinese hacking group, Slime19, has been consistently attacking Russia's energy, government, and defense infrastructure, according to TeamT5's Chang.

Has China broken its cybersecurity pact with Russia?

In 2009 and 2015, China and Russia publicly agreed not to hack each other's systems. However, analysts have long viewed those agreements as symbolic, lacking enforcement or trust. The evidence emerging since Russia's invasion of Ukraine proves that those deals hold little practical weight. The FSB document accessed by The New York Times shows that Russian intelligence views China's digital espionage as a serious threat.

China, while outwardly cooperative with Russia in forums and bilateral trade, appears unwilling to rely on Moscow for open sharing of battlefield learnings. Instead, cyber intrusions have become the preferred route for collecting war data. 'The war in Ukraine shifted the priorities of both countries,' said Itay Cohen from Palo Alto Networks. 'Even though the public narrative was one of close ties, in reality, espionage increased.'

How is Russia reacting to these cyber intrusions?

Thus far, the Kremlin has not officially condemned China, possibly to avoid diplomatic fallout. However, anonymous Russian cybersecurity sources have told investigative outlet iStories that internal firewalls have been tightened and communications protocols are under review. The Federal Security Service (FSB) reportedly issued an internal memo warning of 'unusual East Asian-origin threats' in mid-2024. Still, no public attribution has been made. This silence may signal Russia's reluctance to publicly challenge China at a time when it faces intense pressure from NATO and the West.

What does this mean for future China-Russia relations?

While China remains one of Russia's most crucial trade partners — especially with the West largely isolating Moscow — the depth of China hackers targeting Russia reveals a fragile foundation beneath this alliance.
The relationship, often described by Presidents Xi and Putin as a 'no-limits' partnership, is evidently full of limits when it comes to trust. China's hunger for military intelligence, especially regarding real-time warfare experience, is pushing it to take bold steps. For China, Russia's war offers a rare, real-world military case study that it can't afford to ignore — especially with tensions rising in the Taiwan Strait.

Cyber intrusions are likely to continue, if not grow. As Russian officials stay silent and Chinese hackers grow more sophisticated, the digital battlefield between these two "allies" is already active — and evolving quickly.

FAQs:

Q1: Why are China hackers targeting Russia during the Ukraine war?
To secretly collect Russian military intelligence and battlefield data.

Q2: Who is Mustang Panda in the China hacking campaign?
Mustang Panda is a top Chinese state-backed hacking group targeting Russia.

Czech Republic accuses China of ‘malicious cyber campaign' against its foreign ministry

Associated Press

30-05-2025

  • General

PRAGUE (AP) — The Czech Republic has accused China of being 'responsible' for cyberattacks against a communication network of its Foreign Ministry, officials said on Wednesday.

The Foreign Ministry in Prague said the malicious activities started in 2022 and targeted the country's critical infrastructure, adding it believed the Advanced Persistent Threat 31, or APT31, hacking group, which is associated with the Chinese Ministry of State Security, was behind the campaign. It was not immediately clear what specific information was seized or what damage was caused by the attacks. The Czech ministry said a new communication system has already been put in place.

Foreign Minister Jan Lipavský said in a separate statement that his ministry summoned China's ambassador to Prague to make it clear to Beijing 'that such activities have serious impacts on mutual relations.' 'The government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure,' the statement said. 'Such behavior undermines the credibility of the People's Republic of China and contradicts its public declarations.'

The Chinese Embassy dismissed the Czech accusations as 'groundless.' It said China fights 'all forms of cyber attacks and does not support, promote or tolerate hacker attacks.'

The United States denounced the Chinese activities and called on China to stop them immediately, the U.S. Embassy in Prague said in a statement. It said APT31 previously targeted U.S. and foreign politicians, foreign policy experts and others. 'APT31 has also stolen trade secrets and intellectual property, and targeted entities in some of America's most vital critical infrastructure sectors, including the Defense Industrial Base, information technology, and energy sectors,' the embassy said.

NATO and the European Union also condemned the attack and expressed solidarity with the Czechs.
'We observe with increasing concern the growing pattern of malicious cyber activities stemming from the People's Republic of China,' NATO said. 'This attack is an unacceptable breach of international norms,' Kaja Kallas, the EU's foreign policy chief, said. 'The EU will not tolerate hostile cyber actions.'

In a separate cyberattack in 2017, the email account of then Czech Foreign Minister Lubomír Zaorálek and the accounts of dozens of ministry officials were successfully hacked. Officials said the attack was sophisticated, and experts believed it was done by a foreign state, which was not named then.

NATO and EU express solidarity with Prague after Chinese cyberattack

Qatar Tribune

29-05-2025

  • Politics

Brussels: European Union and NATO countries on Wednesday expressed their solidarity with the Czech Republic after an alleged Chinese cyberattack targeted the Foreign Ministry in Prague. The Czech Republic has determined that the attack was perpetrated by a group of hackers called the Advanced Persistent Threat 31 (APT31) which is associated with the Ministry of State Security of China, the EU statement read. According to the Czech Foreign Ministry, the attack took place in 2022. 'In recent years, malicious cyber activities linked to this country and targeting the EU and its member states have increased,' the EU's 27 members wrote. The EU strongly condemned cyberattacks and called on China to refrain from such behaviour. 'The European Union reaffirms its strong commitment to prevent, deter and respond to malicious behaviour in cyberspace and stands ready to take further action when necessary,' the statement said. (DPA)

Czech FM summons Chinese ambassador over cyberattack

The Sun

29-05-2025

  • Politics

PRAGUE: The Czech Republic on Wednesday summoned China's ambassador over a cyberattack targeting Prague's foreign ministry as the EU and Washington condemned the attack and NATO warned of a growing threat.

The Czech foreign ministry said an extensive investigation of the attack 'led to a high degree of certainty about the responsible actor', naming it as China-linked group APT31. 'I summoned the Chinese ambassador to make clear that such hostile actions have serious consequences for our bilateral relations,' Foreign Minister Jan Lipavsky said on X.

The foreign ministry of the Czech Republic, an EU and NATO member of 10.9 million people, said in a statement the attack started in 2022 and targeted 'one of the unclassified networks' of the ministry. 'The malicious activity... was perpetrated by the cyberespionage actor APT31 that is publicly associated with the (Chinese) Ministry of State Security,' the ministry added, citing its investigation. 'We call on the People's Republic of China to... refrain from such attacks and to take all appropriate measures to address this situation,' said the ministry. Lipavsky said that 'we detected the attackers during the intrusion'.

The Chinese embassy in Prague slammed 'the unfounded accusations against the Chinese side'. 'China absolutely rejects the Czech Republic's accusations and smears against China under the pretext of cybersecurity without any evidence,' it added.

'Growing pattern'

The Czech Security Information Office (BIS) singled out China as a threat to security in its 2024 annual report. 'The Chinese embassy logically focuses on gaining information about the Czech political scene,' the BIS said.

EU foreign policy chief Kaja Kallas condemned the cyberattack in a statement. 'In 2021, we urged Chinese authorities to take action against malicious cyber activities undertaken from their territory,' Kallas said, adding EU members have nonetheless witnessed attacks from China since then.
NATO slammed the attack, saying it observed 'with increasing concern the growing pattern of malicious cyber activities stemming from the People's Republic of China'. Washington also condemned the attack and called on China to 'behave responsibly in cyberspace, adhering to its international commitments'.

Taiwan ties

Prague has recently angered Beijing by fostering close ties with Taiwan as high-profile Czech delegations, including the parliament speakers, have visited the island while Taiwanese officials came to Prague several times. China is trying to keep Taipei isolated on the world stage and prevents any sign of international legitimacy for the island. It sees such visits as an infringement of the one-China policy which Prague officially pursues, just like the rest of the EU.

In May 2024, Lipavsky summoned the Russian ambassador over repeated cyberattacks targeting several European countries, including the Czech Republic, Germany and Poland. They blamed the attacks on the Russian group APT28, also known as Fancy Bear, which has ties to Russia's GRU military intelligence service.

The BIS then said that Russia was a 'permanent security threat' for the Czech Republic, which provides substantial humanitarian and military aid to Ukraine battling a Russian invasion since 2022. It added the Chinese threat was also growing in the context of the Ukraine war as 'the North Korea-China axis keeps cultivating relations with Russia that give it a boost in the current conflict'.
