In this episode of the podcast (#239) we speak with Naomi Yusupov, a Chinese Intelligence Analyst at the threat intelligence firm CyberSixgill about that company’s new report: The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.
As Russia’s war on Ukraine, and Western nations’ sanctions against Russia for its aggression begin to bite, one big question is what role countries like China will play in the conflict. While nominally an ally of Russia, China has so far refused to violate Western sanctions on shipping technology and military supplies. But what about cyber space?
And, while initial expectations of major cyber attacks didn’t come to pass, cyber operations have so far played an important role in the conflict, with Russians releasing custom wiper malware against Ukrainian targets in the early days of the war, and Ukraine striking back with targeted hacks and denial of service attacks on Russian government organizations and companies.
Ukraine war spills into Cyber Underground
The war and wartime alliances have also spilled over into the Dark Web and the cybercriminal underground. Russia has long looked the other ways at domestic cyber crime groups so long as they carried out operations on non—Russian entities. And there has been speculation that some Russian cybercriminals do double duty as contractors for Russia’s FSB and other government entities. Those close ties have affiliated ransomware group Conti saw tens of thousands of chat logs leaked in March by a Ukrainian cybersecurity researcher who infiltrated that group.
Like Russia, China has also invested heavily in cyber operations – from industrial espionage to cyber offensive capabilities. Also like Russia, it strives for military dominance in the cyber realm as it seeks to challenge the dominance of Western adversaries like the U.S. And, like Russia, China also plays host to a wide range of powerful cybercriminal and dark web groups who engage in industrial espionage, cyber attacks, and even ransomware.
Russia cozies up to China for Cyber Ops
And, according to our guest in this week’s podcast, there is growing evidence that – on the Dark Web as in the real world, Russia’s struggles in Ukraine are pushing it closer to China.
Naomi Yusupov is a Chinese Intelligence Analyst at the firm Cybersixgill. In this interview, Naomi and I talk about research she has conducted on the interactions between Chinese and Russian threat actors. The company released a report last week, The Bear and the Dragon, that found a similar dynamic playing out among cyber threat actors in the two countries as between the two governments, with Chinese threat actors anxious to benefit from the deeper experience of their Russian counterparts, but wary of deepening their ties and engagement with Russian actors too much.
The future of the relationships between threat actors on each side of the border will have major implications for organizations around the globe, Yusupov said. To start out our conversation, I asked naomi to tell us a bit about Cybersixgill and the work she does there.
Check out our full conversation using the player above, or use the button below to download the MP3.