- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Russian Cybercrime Forums Throw Doors Open to Chinese-Speakers
Security researchers have started to see a thawing of relations between Russian and Chinese and English-speaking threat actors.
The Russian-speaking cybercrime world has hitherto been fairly closed to actors from other regions. However, Flashpoint claimed to have seen a more inclusive approach adopted of late, especially on the Ramp forum.
“In October, Ramp administrators made changes to the forum’s interface that make it more accessible to Chinese-speaking and English-speaking threat actors,” the threat intelligence firm claimed.
“Forum sections are now in Russian, English, and Mandarin; the main administrator is addressing members in English more often than before; and there is noticeably more English content and comments – and even coming from some Russian-speaking actors.”
There are said to be around 30 Chinese users on the forum thus far.
However, although Russian cyber-criminals may seek international alliances, Flashpoint warned that the moves might be a smokescreen similar to those surrounding the Groove ransomware gang.
“In late October 2021, the Groove ransomware gang called on other ransomware operators to jointly attack US entities; once this generated media attention, the operator of Groove’s public blog claimed that it was a media hack,” it said.
“It is certainly possible that Ramp’s overture to Chinese-speaking threat actors is part of a similar strategy.”
That said, other Russian-speaking forums also appear to be warming to international users.
On notorious site XSS, one user apparently replied to a thread with a Chinese-language ad looking for partners in a ransomware operation. In another case, a Russian XSS member greeted two Chinese forum members with a message in machine-translated Mandarin.
Threat actors are typically more willing to share tactics, techniques and procedures (TTPs) than their counterparts in the legitimate economy. However, the pooling of capability and intelligence across traditionally distinct cybercrime spheres would be a particularly unwelcome development.