State-backed hackers seek intel on nuclear weapons and military capabilities, researchers say.
Russia and China’s “no-limits partnership” hasn’t stopped Beijing’s hackers from snooping around Russia’s defense industry.
Chinese state-sponsored groups including Mustang Panda and Tonto Team have been targeting Russian aerospace and defense firms looking for intelligence on Moscow’s military capabilities, researchers at the Taiwanese cybersecurity firm TeamT5 told POLITICO.
While Moscow and Beijing cultivate a close relationship, “our technical findings paint a different picture,” said Che Chang, senior cyber threat analyst at TeamT5.
The two authoritarian regimes have supported each other strategically in geopolitical hot-button issues including the war in Ukraine and tensions over Taiwan. Leaders Vladimir Putin and Xi Jinping held a 95-minute-long video call just this week to discuss their positioning vis-à-vis the United States’ new President Donald Trump.
But TeamT5’s research shows that doesn’t mean state-backed cyberespionage operations are off.
According to the Taiwanese researchers, the attacks aimed to steal sensitive information on Russia’s advanced weapons programs, particularly nuclear submarines. For instance, Tonto Team impersonated the marine engineering company Rubin Design Bureau, a major nuclear submarine manufacturer, producing more than 85 percent of submarines in the Soviet and later Russian navy.
The Chinese hacking groups already have a track record of targeting Europe, the United States and Taiwan. Mustang Panda was the target of a law enforcement operation earlier this month led by the U.S. and France, which said the group was paid by the People’s Republic of China to develop and spread malicious software abroad.
The cyber espionage campaigns haven’t triggered diplomatic alarm bells in Moscow. Aside from their no-limits partnership, Russia and China have several security agreements, including ones from 2009 and 2015, that specifically pledge not to conduct cyberattacks against each other. The Russian government hasn’t publicly attributed the cyberattacks that TeamT5 found.
“We are sure that the Russian government is aware that China is conducting these attacks because some Russian companies have attributed them,” Chang said.
Oleg Shakirov, a doctoral student at Johns Hopkins School of Advanced International Studies, said a number of private companies had done so, including the largest telco firm Rostelecom, which in 2023 revealed Chinese groups APT 10, 15, 31 and 41 as a top threat.
“If you look at how this has been addressed, at least in Russia the activity is treated as a kind of technical issue, not a political issue,” Shakirov said. “If there is an American or Ukrainian attack on Russia, then the government would be very loud about this.”