Episode 239: Power shifts from Russia to China in the Cyber Underground

In this episode of the podcast (#239) we speak with Naomi Yusupov, a Chinese Intelligence Analyst at the threat intelligence firm CyberSixgill about that company’s new report: The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities.  As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.  As Russia’s war on Ukraine, and Western nations’ sanctions against Russia for its aggression begin to bite, one big question is what role countries like China will play in the conflict. While nominally an ally of Russia, China has so far refused to violate Western sanctions on shipping technology and military supplies. But what about cyber space?   And, while initial expectations of major cyber attacks didn’t come to pass, cyber operations have so far played an important role in the conflict, with Russians releasing custom wiper malware against Ukrainian targets in the early days of the war, and Ukraine striking back with targeted hacks and denial of service attacks on Russian government organizations and companies.  Naomi Yusupov is a Cyber Intelligence Analyst at CyberSixGill Ukraine war spills into Cyber Underground The war and wartime alliances have also spilled over into the Dark Web and the cybercriminal underground. Russia has long looked the other ways at domestic cyber crime groups so long as they carried out operations on non—Russian entities. And there has been speculation that some Russian cybercriminals do double duty as contractors for Russia’s FSB and other government entities. Those close ties have affiliated ransomware group Conti saw tens of thousands of chat logs leaked in March by a Ukrainian  cybersecurity researcher who infiltrated that group. A threat actor advertises one-on-one hacking tutorials on a Chinese language dark web forum. (Image courtesy of Cybersixgill.) Episode 214: Darkside Down: What The Colonial Attack Means For The Future of Ransomware Like Russia, China has also invested heavily in cyber operations  – from industrial espionage to cyber offensive capabilities. Also like Russia,