NYT: Chinese hackers steal Russian military secrets despite Putin and Xiʼs ʼboundless partnershipʼ

Author: Liza Brovko

Since the beginning of Russiaʼs full-scale war in Ukraine, China has repeatedly carried out cyberattacks on Russian government agencies and defense companies to obtain their military secrets.

This is reported by The New York Times, citing cybersecurity analysts and a leaked secret FSB document.

Cyber activity increased sharply in May 2022. Despite public statements from Moscow and Beijing about “limitless partnership”, China is using the war for espionage — in particular, collecting data on modern combat tactics, Western weapons, and the experience of the Russian military on the front line to prepare for potential conflicts, for example, around Taiwan.

China considers Russia a vulnerable target because China has greater scientific and military experience than Russia. However, the PRC military lacks combat experience. This is why the country is looking for information about Russiaʼs war against Ukraine.

The Russian FSB, in an internal document obtained by the NYT, directly calls China an “enemy” that is hunting for Russia’s military technology and experience. This indicates a deep distrust between the allies. The Kremlin, despite its economic dependence on Beijing, does not share all of its developments, and Beijing, for its part, is not averse to using cyber espionage even against a “friend and partner”.

According to Palo Alto Networks, one Chinese hacking group with ties to the government has hacked into the systems of Russian defense giant “Rostec” to obtain data on satellite communications, radar systems and electronic warfare equipment. Other groups have worked with malicious files that exploit vulnerabilities in Microsoft Word to infiltrate the Russian aviation industry and government agencies.

While not all Chinese hackers are acting under direct orders from the party, experts see clear traces of ties to official structures. In particular, Russian cybersecurity company Positive Technologies reported attacks on enterprises in the defense, aerospace, and security sectors in 2023. The hackers used the Deed RAT program, a tool actively used by Chinese government hackers and not available for widespread use or purchase on the black market.

One of the most active Chinese hacking groups, Mustang Panda, is among those that have carried out cyberattacks against Russia. After the start of Russia’s full-scale invasion of Ukraine, Mustang Panda expanded its attack targets and began working against government structures in Russia and the EU. Experts suggest that Mustang Panda operates under the supervision of China’s Ministry of State Security, the country’s main intelligence agency. The United States considers Mustang Panda to be a Chinese state-run hacking organization.

  • In 2009 and 2015, Russia and China officially agreed not to launch cyberattacks against each other, but even then, analysts doubted that such agreements had any real effect.
