Report from Cybersixgill – Russia, China Cybercriminal Actions

Cybersixgill Releases In-depth Report “The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities”

Latest Threat Research Sheds Light on Fledgling Cybercriminal Alliance between Russian and Chinese Threat Actors and Discusses What this Collaboration Might Mean for the Cyber Threat Landscape

Tel Aviv, Israel – June 15, 2022 Cybersixgill, the leading threat intelligence provider, announced today its latest report, The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities, offering an in-depth look at the activities, characteristics, and motives of cybercriminal groups in the two respective countries.

Based on research conducted by Cybersixgill’s expert threat intelligence analysts over several months, the report assesses the differences and similarities between Russian and Chinese threat activity on the cybercriminal underground. It discusses each community’s underlying motives, dependencies, characteristics, and ways of operating. Cybersixgill’s new report also examines the inherent issues and complexities regarding cybersecurity collaboration and joint law enforcement efforts between countries to crack down on hackers.

The Bear and the Dragon: Differences and Similarities in Cybercrime

While Russia and China are considered the two most significant state sponsors of cyberattacks against the West, targeting government and business organizations alike. Cybersixgill’s report focuses on individual threat actors motivated by their selfish interests rather than groups associated with advanced, state-sponsored, or state-related activity.

Key findings include:

  • China’s cybercriminal community is dedicated to its own, helping one another to build a stronger, more experienced Chinese hacking collective.
  • Russian cybercriminals, on the other hand, are highly advanced, ruthless, and motivated by one thing above all else – money.
  • Russian-speaking forums and marketplaces on the deep and dark web are focused on organizing and classifying communications based on level of expertise and area of activity. For example, financial fraud and carding platforms deal solely with the transaction of stolen financial data, whereas hacking spaces focus on malware, ransomware, tools, services, and exploit kits.
  • Due to the strict internet restrictions imposed by their government, the Chinese cybercriminal underground exists in two parallel arenas: on the clear web,

cybercriminals are careful to champion the interests of the motherland, targeting only those victims that would be acceptable to the People’s Republic of China. On the Chinese-language dark web platforms, domestic offerings dominate the marketplace, including exfiltrated data from Chinese companies, gambling applications, drugs, access to cracked web cameras, and more.

“The cybercriminal communities in Russia and China have evolved due to their respective regional cultures and circumstances,” said Naomi Yusupov, Chinese-language Cyber Intelligence Analyst for Cybersixgill. “While these two ecosystems have historically remained separate, recently, the Russian and Chinese cybercriminal worlds seem to have collided in a fledgling alliance, posing new threats to organizations around the globe. We’re releasing this report to help CISOs and security teams understand the threats they may face because of these activities and empower them to take preemptive steps to protect their organization and assets.”

“Russian-speaking dark web forums are making their platforms accessible to Mandarin- and English-speaking users, with Russian threat actors, actively making overtures to their Chinese counterparts to encourage collaborative cybercriminal efforts,” said Delilah Schwartz, Cyber Geopolitics and Extremism Expert for Cybersixgill.

Ms. Schwartz continues, “Given Russian-speaking cybercriminals’ sophistication and constantly evolving modus operandi, the transfer of this knowledge to Chinese threat actors is especially concerning. Should this Russian and Chinese alliance continue, a devastating new non-state cyber superpower may emerge, unchecked by diplomatic concerns or fears of destabilizing the international order. Our new report offers an in-depth analysis as companies, and government entities face the mounting threats posed by increasingly sophisticated threat actors. It provides valuable insights on these communities and the threats they may pose to help private organizations preemptively protect themselves from falling victim to the next attack.”

Cybersixgill’s The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities is available for download at https://www.cybersixgill.com/resources/threat-reports/russian-chinese-cybercriminal-communities/.

About Cybersixgill
Cybersixgill continuously collects and exposes the earliest possible indications of risk
produced by threat actors moments after they surface on the clear, deep, and dark web. This data is processed, correlated, and enriched using automation to create profiles and patterns of threat actors and their peer networks, including the source and context of each threat. Cybersixgill’s extensive body of data can be consumed through a range of solutions that are seamlessly integrated into your existing security stack, so you can pre-empt threats before they materialize into attacks. The company serves and partners with global enterprises, financial institutions, MSSPs, and government and law enforcement agencies.