Russian and Chinese hackers, two different approaches to cybercrime

Each hacker community looks for different things

An analysis by digital forensics professionals of the criminal activity of Russian and Chinese hackers reveals several differences between the two communities in terms of interests and ways of doing business. In the past, researchers monitored the activity of several markets used to trade illegal content or tools for carrying out illicit activities. They focused on hacker communities in China and Russia, discovering that members of the two communities rarely mingle in clandestine forums and that they have different motivations.

Illegal market for Russian hacking

Contrary to popular belief, most Russian cybercrime communities are still accessible through the conventional web, with forums setting up servers on the Tor network as a backup in case of deletion and for users who browse without VPN services.

Administrators resort to other methods to keep their forums running, and blockchain-based DNS is one of them. In closed forums (completely private communities), access is possible only through the endorsement of an active member of the community. Infiltrators are quickly expelled from the community and exposed so that other members can avoid them.

According to specialists in digital forensics, the forums where Russian cybercriminals meet are well organized and members are only interested in doing business; they carefully guard their resources and adopt a business strategy to make as much money as possible.

“Malicious programs, such as banking trojans, are sold in a similar way to products such as antivirus; a purchase is valid for a user license,” researchers add.

A common practice is for the malware author to keep full control of the source code. This not only guarantees maximum monetization, but also protects the property against the creation of similar malware.

The types of content and illegal services offered in these forums are the same as always, but adapted to current demand: ransomware, trojans, exploits and spambots are the kinds of software most commonly found in these forums.

Chinese hacking forums

Chinese vendors of malware and illegal services have few similarities with their Russian counterparts. First, they do not enjoy the same level of access to tools and information because of the limitations that the Asian country has imposed on Internet browsing. Along with the language barrier, this leaves China somewhat isolated, creating a local market for less-skilled hackers. More advanced tools can be obtained, but reaching them requires “jumping” the great Chinese wall of the Internet, something that not every hacker manages.

In China, hackers are mainly dedicated to offering VPN services, as the government maintains restrictions on browsing the conventional web. One of the major differences between Russian and Chinese hackers is that Chinese hackers encourage joint work. They help each other and share the source code of the tools they use, report specialists in digital forensics from the International Institute of Cyber Security.

Both Russian and Chinese hackers share an appetite for illegal activity, but they use different methods. The former are more interested in making money, while in China they worry more about getting past the barriers their government has imposed on the use of the Internet.