A report published by SentinelLabs highlights a cyber-attack on the Russian government that is believed to be attributed to Chinese threat actors. The report states that Mail-O malware was used in the attack, which is a variant of a malware called PhantomNet or SManger used by threat actor TA428. TA428 is believed to be of Chinese origin and commonly attacks Southeast Asian and Russian targets. The attack on Russian government organizations was confirmed by the Russian Federal Security Service (FSB), the country’s premier intelligence agency.
The idea that Russia and China engage in cyber espionage against one another is not a novel concept. The two countries share a border and have several hot-button geopolitical issues. It is unusual however, for the FSB to publicly report on Chinese cyber-attacks against Russia. This is likely part of a global political strategy to paint Russia as a victim to cyber threats. There is increased pressure from the United States following recent ransomware attacks by Russian threat actors. Binary Defense analysts will continue to follow this story as President Biden is set to meet with Russian President Vladimir Putin on June 16, in Geneva. President Biden made it clear he plans to address the impunity cyber criminals experience while operating in Russia.