Russia Attacked by Allies: Most Cyberattacks on the Country Come from China and North Korea

A recent report shows that diplomatic relations do not necessarily extend to cyberspace: most cyberattacks on Russia are apparently coming from its allies. It turns out that China and North Korea were behind most of the state-sponsored cyberattacks in Russia, according to the country’s security firm Solar.

20% of all incidents investigated by Solar 4RAYS were carried out by advanced persistent threat (APT) attackers, which are typically state-sponsored groups that pose the most severe cyber threats to organizations.

According to Cybernews, the highest activity came from Chinese groups focused on cyber espionage. They were most active during September 2023, when Chinese APTs attacked and infected 20-40 systems of Russian organizations a day.

Furthermore, the report claims that the North Korean group Lazarus is also very active in the Russian Federation. Researchers investigated several incidents related to this group in the past few years, mostly against Russian government authorities. Data reveals that Lazarus hackers still have access to numerous Russian systems.

Cybernews also reported that Lazarus secretly breached computer networks at major Russian missile developer NPO Mashinostroyeniya, while Moscow has been purchasing North Korean shells.

It was also reported that Asian groups were the most active in Russia despite the ongoing war in Ukraine, which also sparked confrontation in cyberspace.

Most of the attacks were carried out against government organizations (44%), the telecom industry (14%), and the agriculture sector (9%). The main goals of cyber attackers were seemingly cyber espionage and data theft.

While APTs were responsible for only 20% of attacks, a significant part of the attacks (42.5%) was attributed to ransomware operators and other cyber fraudsters who make money by encrypting, stealing, and reselling data. Almost a third of attacks were DDoS attacks and website defacements.