Russian-language hacking forums brace for Chinese hackers
Russia’s cybercrime and hacking forums are opening their doors to Chinese- and English-speaking threat actors, which until now has been a relatively small area for them.
Researchers from the threat intelligence firm Flashpoint have observed a spike in activity by hackers of Chinese descent and Mandarin-speaking hackers on RAMP, a Russian-language ransomware forum, and in other illegal communities on the dark web.
Russians allow foreign actors to use their ransomware platforms
The Flashpoint report found that the Russians are opening their doors to Chinese- and English-speaking threat actors, which until now has been a relatively small area for them.
“In October, RAMP administrators made changes to the forum’s interface to make it more accessible to English-speaking and Chinese threat actors,” Flashpoint noted in its report.
The researchers added that the Russian cybercrime and hacking forums are now available in English and Mandarin in addition to Russian. Another change they noted is that forum administrators now address members in English more frequently than before.
In addition, English content and commentary are increasingly common, especially among Russian-speaking actors. So far, researchers have identified around 30 Chinese users on the forum.
An imminent threat?
Flashpoint researchers suspect this opening-up could be part of a social engineering experiment to manipulate the media and a cover-up attempt to seek an international alliance and distribute Groove ransomware.
“At the end of October 2021, the Groove ransomware gang called on other ransomware operators to jointly attack US entities; once it caught media attention, the operator of Groove’s public blog claimed it was a media hack. It is certainly possible that opening up RAMP to Chinese-speaking threat actors is part of a similar strategy,” the researchers wrote.
For example, a user responded to an ad in Chinese asking for ransomware operation partners on the XSS site. Another Russian XSS member greeted two Chinese forum members with a post automatically translated into Mandarin.
Cybersecurity researchers consider this a suspicious development, as threat actors are generally willing to share their TTPs (tactics, techniques, and procedures) across their respective economies.