A deep dive into the forces driving Russian and Chinese hacker forums

Profit, hacktivism, and politics are only some of the differences between Russia and China's hacking communities.
Written by Charlie Osborne, Contributing Writer

State-sponsored threat groups, hacktivists, and cybercriminals in the game for financial reasons are now part and parcel of the daily threats faced by businesses and individuals alike.

We are no longer in the time of Stuxnet, in which state-sponsored groups focused on computer disruption and destruction in extremely limited and covert cases.

Now, scammers have evolved from phishing emails littered with spelling mistakes to sophisticated, persuasive messages designed to part us from our cash; government-backed groups tamper with social media platforms and leak confidential files in order to influence election results; and highly skilled cyberattackers conduct worldwide campaigns against financial institutions.

Emerging from the pool of daily threats, however, is what appears to be the rise of hackers in particular countries. While the US, UK, and North Korea account for their own share of cybercriminals, Russia and China have caught the public eye in recent times.

Hackers from both countries have been accused of everything from attacks against core country services to industrial businesses and corporate networks, and a new report released by Dark Web data monitoring firm Recorded Future gives us a glimpse into the members of forums belonging to each country.

After analyzing ads, posts, and communication between hackers in each community for a year, the company has uncovered a number of differences in their capabilities, cultures, and motives.

Where do the forums focus?

Both Russian and Chinese hackers host international content in the web's underbelly. Russian forums tend to focus on providing as much international content as possible in order to generate revenue, whereas Chinese forums focus on Chinese buyers -- but there are indications that China, too, is starting the journey towards appealing to a wider audience.

"Russian forums are more tailored to business transactions, while Chinese forums instead focus on building the Chinese hacking community," Recorded Future says. "Both communities sell goods and services for regional users, although this is far more prevalent on Chinese forums."

Where did they come from?

In the case of Russia, money is key. Originally taking tips from underground hacking forums in the US, the country's hacking community created its own alternatives which once focused on phishing, credit card fraud, and spam.

"In Eastern Europe, technology use spread [..] slowly, and it took more time for Internet connectivity and the personal computer to become ubiquitous in the Republics and Federations of the former USSR," the report says. "The well-educated and underpaid citizens of these countries turned to crime against the West because they had the technical skills and needed the money."

In the early 2000s, scams were rife. However, Russian hackers quickly became proficient, leading to forums "becoming a place of business, not bastions for community."

Chinese hackers, however, appear to display more of an interest in hacktivism; perhaps unsurprising considering the country's censorship-focused leadership. The researchers say that many of China's first hackers came together as patriots, which may have been triggered by anti-Chinese riots in Indonesia and a decade of political turmoil between China and the West.

"Chinese netizens expressed outrage at the international community for treating their fellow citizens with contempt and set up discussion boards, social media groups, and bulletin board systems to plan defacements against Indonesian government websites," the report says.

This led to years of website defacement and distributed denial-of-service (DDoS) attacks as a form of political protest. Eventually, these groups evolved into sophisticated hacking rings.

"Individuals have been recruited into government positions from Chinese technical forums and many famous old-school hackers now run large cybersecurity and technology firms in China's flourishing cyber security market while maintaining excellent business relationships with the Chinese government," Recorded Future added.

The current community landscape

Recorded Future says that the glue binding Chinese hackers together is the "overwhelming sense of community online," which is otherwise called "geek spirit." Forum members are often required to interact with each other on a daily basis to maintain membership, and apprenticeships are available -- for a price.

In comparison, Russian forums are deemed "fairly compartmentalized and professional."

These platforms have evolved into separate areas for fraud, carding, and malware, and some forums require a membership fee. Other forums can only be accessed by proven hackers who can provide evidence of their skill and tools.

What is on offer?

Russian forums are teeming with ransomware, loaders, Trojans, exploit kits, installs, spam bots, web traffic, forged documents, money mules, bank accounts, credit cards, and more. However, as malware variants spawn on a daily basis and constantly evolve, Russian developers are jealous of their work.

Malware code is carefully guarded and is often sold based on license deals which prevent reselling or code upgrades without the purchase of additional modules. Affiliate programs are also on offer to boost the revenue generated from single malware strains.

Russian cybercriminals also often tout bulletproof hosting services for as little as $100 per month.

In comparison, Chinese hackers appear to specialize somewhat in DDoS tools, remote access Trojans (RATs), antivirus evasion techniques, and penetration testing services.

Chinese hackers are open-handed with their skills and will often share programming and hacking tutorials.

Russian threat actors will rarely share data stolen from targets in their home country. However, Chinese groups have no such qualms and will just as easily offer for sale information belonging to an international company as that of a local firm.

Future prospects

The report suggests that in the future, Russian cybercriminals will continue to follow the money, whereas China's ongoing efforts to censor the web may force Chinese hackers to move to international forums. This, in turn, could encourage cross-border tool, malware, and knowledge sharing.

"The hacker cultures of China and Russia have their own unique genesis, and have evolved to take advantage of their respective regional circumstances," Recorded Future says. "Understanding the differences within these communities is essential to grasp the respective threats they currently pose and the manner in which these threats may evolve."
