Russian hackers are reaching out to Chinese threat actors in an attempt to share tips and collaborate on cyber attacks. This comes at a time when there has been an increase in activity from Mandarin and Chinese-speaking players on RAMP and other communities across the dark web.
RAMP was created last summer by a member of the Babuk ransomware gang. Back in October, administrators of RAMP changed the forum’s interface to be more friendly and accessible to Chinese-speaking and English-speaking threat actors. This has led to an increase in traffic on the site, which in turn has led RAMP to include a Chinese forum. Before this, RAMP was primarily a Russian-speaking forum that would tolerate English-speaking members at times.
As of right now, the forum has reportedly seen at least thirty new user registrants who seem to come from China. It is worth noting that none of these have been verified as actual Chinese threat actors. Researchers suggest that this newfound alliance could be Russian ransomware gangs seeking out the help of Chinese threat actors to perpetrate cyber-attacks against the United States, trade vulnerabilities, or possibly recruit new talent for their Ransomware-as-a-Service (RaaS) operations.
It is unclear whether this is a legitimate attempt on the part of Russian hackers to collaborate with Chinese threat actors or simply a ploy, as in past circumstances. According to Flashpoint, in the latter part of October the Groove ransomware gang put out a call for collaboration to attack US entities, but that ended up being a media hack according to a post on Groove’s blog. This leads some to think the current activity on RAMP could simply be a smoke screen as well.
But there are other indicators that Russians are legitimately looking to team up with Chinese threat actors. On another hacking forum, XSS, there have been communications between Russian and Chinese counterparts seeking collaboration. These communications have been limited in scope and in number, however.
Some security experts believe that this could simply be an attempt on the part of Russian hackers to hide the fact that their RaaS operations did not go according to plan. With the ever-growing number of ransomware and cyber attacks, it is always a good idea to keep a watchful eye on any and all threat actors who could pose a threat. A collective and organized effort between Russian and Chinese hackers could indeed cause quite a bit of havoc for those they choose to attack.