- "기밀 VM의 빈틈을 메운다" 마이크로소프트의 오픈소스 파라바이저 '오픈HCL'란?
- The best early Black Friday AirPods deals: Shop early deals
- The 19 best Black Friday headphone deals 2024: Early sales live now
- I tested the iPad Mini 7 for a week, and its the ultraportable tablet to beat at $100 off
- The best Black Friday deals 2024: Early sales live now
Russian Cybercrime Forums Throw Doors Open to Chinese-Speakers
Security researchers have started to see a thawing of relations between Russian and Chinese and English-speaking threat actors.
The Russian-speaking cybercrime world has hitherto been fairly closed to actors from other regions. However, Flashpoint claimed to have seen a more inclusive approach adopted of late, especially on the Ramp forum.
“In October, Ramp administrators made changes to the forum’s interface that make it more accessible to Chinese-speaking and English-speaking threat actors,” the threat intelligence firm claimed.
“Forum sections are now in Russian, English, and Mandarin; the main administrator is addressing members in English more often than before; and there is noticeably more English content and comments – and even coming from some Russian-speaking actors.”
There are said to be around 30 Chinese users on the forum thus far.
However, although Russian cyber-criminals may seek international alliances, Flashpoint warned that the moves might be a smokescreen similar to those surrounding the Groove ransomware gang.
“In late October 2021, the Groove ransomware gang called on other ransomware operators to jointly attack US entities; once this generated media attention, the operator of Groove’s public blog claimed that it was a media hack,” it said.
“It is certainly possible that Ramp’s overture to Chinese-speaking threat actors is part of a similar strategy.”
That said, other Russian-speaking forums also appear to be warming to international users.
On notorious site XSS, one user apparently replied to a thread with a Chinese-language ad looking for partners in a ransomware operation. In another case, a Russian XSS member greeted two Chinese forum members with a message in machine-translated Mandarin.
Threat actors are typically more willing to share tactics, techniques and procedures (TTPs) than their counterparts in the legitimate economy. However, the pooling of capability and intelligence across traditionally distinct cybercrime spheres would be a particularly unwelcome development.