Cybercrime: Chinese hackers are targeting the Russian National Institute for Defense Studies, the report said

New Delhi, May 20: Chinese cybercriminals are targeting Russian defense research institutes, according to a report released Friday by cybersecurity firm Check Point Research (CPR).

The report attributes the cyber-espionage activity to Chinese nation-state actors, who used spear-phishing emails sent under the guise of the Russian Ministry of Health to collect sensitive information.

The email captured by CPR contained malicious documents that used Western sanctions against Russia as a decoy. This operation also relies on social engineering techniques, especially sanctions-related baits.

According to the report, the threat actors were able to evade detection for about 11 months using new, previously undocumented tools (a sophisticated multi-layer loader and a backdoor called SPINNER).

CPR has named this campaign “Twisted Panda”, reflecting the sophistication of the tools observed.

Check Point said it has identified a total of three defense research targets, two in Russia and one in Belarus. The Russian victims belong to Rostec Corporation, Russia’s largest holding company in the radio-electronics industry.

Their main business is the development and manufacture of electronic warfare systems, military-specific in-vehicle radio electronics, aerial radar stations, and national identification means.

The research institute is also involved in the development of a variety of civilian products such as avionics systems for civil aviation, medical devices and control systems for the energy, transportation and engineering industries.

“We have exposed ongoing espionage against a Russian defense research institute carried out by experienced and sophisticated Chinese-backed threat actors. Our investigation shows that this is Russia-related. We have discovered two targeted defense research institutes in Russia and one organization in Belarus, indicating that they are part of an ongoing larger activity against the entity of Check Point Software,” Itay Cohen says.

On March 23, malicious emails were sent to several Russia-based defense research institutes. The email, with the subject “List of (target agency names) persons under US sanctions for the invasion of Ukraine”, contained a link to an attacker-controlled site imitating the Russian Ministry of Health, and a malicious document was attached.

On the same day, a similar email was sent to an unknown entity in Minsk, Belarus, with the subject “Diffusion of a deadly pathogen in Belarus to the United States.” All the attached documents are made to look like official documents of the Russian Ministry of Health and bear its official emblem and title.

The tactics, techniques, and procedures (TTPs) of this operation allow CPR to attribute it to Chinese APT activity. The Twisted Panda campaign has multiple overlaps with leading and long-standing Chinese cyber-espionage actors such as APT10 and Mustang Panda.

Cohen said the social engineering component is probably the most sophisticated part of the campaign.

“The timing of the attacks and the lures used are clever. From a technical point of view, the quality of the tools and their obfuscation are above average in the APT group,” he said.

“We believe that our findings serve as more evidence that espionage is a systematic and long-term effort to achieve China’s strategic goals for achieving technological advantages. In this study, we saw how Chinese state-run attackers were taking advantage of the ongoing war against those who are considered strategic partners between Russia and Ukraine, namely Russia. Unleash advanced tools,” Cohen added.

(The above story was first published on May 20, 2022 at 2:39 pm IST.)
