Chinese hackers implicated in breach of Russian government agencies

An unusual report from Russia's Federal Security Service has caused a stir.
A girl looks through binoculars near FSB headquarters at Lubyanka Square in Moscow. (Photo by Mikhail Svetlov/Getty Images)

Chinese hackers were likely behind a series of intrusions at Russian government agencies last year, security firm SentinelOne said Tuesday.

Malicious code used in the breaches is similar to hacking tools associated with a broad set of suspected Chinese spies that have also targeted Asian governments in recent years, SentinelOne researchers said.

SentinelOne’s research builds on a report released last month by the Federal Security Service (FSB), one of Russia’s main spy agencies, and the cyber unit of telecom firm Rostelecom. It said Russian government agencies had been targeted by “cyber mercenaries pursuing the interests of the foreign state.”

The attackers collected stolen data using top Russian technology providers Yandex and Mail.Ru, according to the report, which did not name a culprit in the breaches.


SentinelOne’s findings point to a reality that is often overlooked in U.S.-centric cybersecurity discussions: that the Russian and Chinese governments conduct plenty of cyber-espionage against each other. Last year, for example, U.S. officials publicly exposed a suspected Chinese hacking campaign that targeted entities in Russia and other former Soviet republics.

“The idea of Chinese targeting of Russian government [and vice versa] should not shock us,” SentinelOne researcher Juan Andrès Guerrero-Saade said in an email. “Sino-Russian relations are complex and involve hot button issues like a shared border, diplomatic and economic interests.”

And while Western intelligence agencies regularly use public reports to send a message to foreign hackers, it was an unusual move from the FSB. A successor to the Soviet-era KGB, the FSB is a sprawling intelligence service that researchers and U.S. officials have long suspected of sponsoring its own hacking campaigns.

Andrei Soldatov, a Russian journalist who wrote a book on the rise of the FSB after the fall of the Soviet Union, said the FSB report appeared to be an effort to portray Russian organizations as facing the same threats as other organizations.

“It’s like, ‘We all face the same enemy lets fight it together,’” Soldatov said. “And for that, come to us, the FSB, and make us respectful.”


U.S. officials are ramping up pressure on the Russian government to rein in cybercriminals following the Colonial Pipeline ransomware attack. President Joe Biden has accused the perpetrators of operating from Russian soil, albeit not at Moscow’s behest. The White House says Biden will raise the issue in a meeting with Russian President Vladimir Putin later this month.

Soldatov has argued that Russian authorities could exploit the newfound U.S. search for cooperation and accountability in cyberspace.

“[W]hat if all the doors to cooperation, both government and private, remain shut and sealed, except the door of the FSB — the very agency which is accused of carrying out repressions, poisonings, and cyber-attacks?” Soldatov wrote in the Moscow Times last month.

Meanwhile, the politics of the Biden-Putin meeting are playing out before it begins. Talk of Russian involvement in ransomware attacks was meant to “provoke some new conflicts before our meeting with Biden,” Putin said this week.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts