Chinese hackers were likely behind a series of intrusions at Russian government agencies last year, security firm SentinelOne said Tuesday.
Malicious code used in the breaches is similar to hacking tools associated with a broad set of suspected Chinese spies that have also targeted Asian governments in recent years, SentinelOne researchers said.
SentinelOne’s research builds on a report released last month by the Federal Security Service (FSB), one of Russia’s main spy agencies, and the cyber unit of telecom firm Rostelecom. It said Russian government agencies had been targeted by “cyber mercenaries pursuing the interests of the foreign state.”
The attackers collected stolen data using top Russian technology providers Yandex and Mail.Ru, according to the report, which did not name a culprit in the breaches.
SentinelOne’s findings point to a reality that is often overlooked in U.S.-centric cybersecurity discussions: that the Russian and Chinese governments conduct plenty of cyber-espionage against each other. Last year, for example, U.S. officials publicly exposed a suspected Chinese hacking campaign that targeted entities in Russia and other former Soviet republics.
“The idea of Chinese targeting of Russian government [and vice versa] should not shock us,” SentinelOne researcher Juan Andrès Guerrero-Saade said in an email. “Sino-Russian relations are complex and involve hot button issues like a shared border, diplomatic and economic interests.”
And while Western intelligence agencies regularly use public reports to send a message to foreign hackers, it was an unusual move from the FSB. A successor to the Soviet-era KGB, the FSB is a sprawling intelligence service that researchers and U.S. officials have long suspected of sponsoring its own hacking campaigns.
Andrei Soldatov, a Russian journalist who wrote a book on the rise of the FSB after the fall of the Soviet Union, said the FSB report appeared to be an effort to portray Russian organizations as facing the same threats as other organizations.
“It’s like, ‘We all face the same enemy lets fight it together,’” Soldatov said. “And for that, come to us, the FSB, and make us respectful.”
U.S. officials are ramping up pressure on the Russian government to rein in cybercriminals following the Colonial Pipeline ransomware attack. President Joe Biden has accused the perpetrators of operating from Russian soil, albeit not at Moscow’s behest. The White House says Biden will raise the issue in a meeting with Russian President Vladimir Putin later this month.
Soldatov has argued that Russian authorities could exploit the newfound U.S. search for cooperation and accountability in cyberspace.
“[W]hat if all the doors to cooperation, both government and private, remain shut and sealed, except the door of the FSB — the very agency which is accused of carrying out repressions, poisonings, and cyber-attacks?” Soldatov wrote in the Moscow Times last month.
Meanwhile, the politics of the Biden-Putin meeting are playing out before it begins. Talk of Russian involvement in ransomware attacks was meant to “provoke some new conflicts before our meeting with Biden,” Putin said this week.