Chinese State Hackers Target Russian Defense Systems Amid War in Ukraine

Recent investigations by multiple cybersecurity firms and intelligence reports have revealed that Chinese state-sponsored hacking groups have launched repeated cyberattacks against Russian military and government targets since the start of the full-scale war in Ukraine. These operations, carried out under the guise of a close political and economic relationship, suggest a deeper undercurrent of distrust and strategic divergence between Moscow and Beijing.

According to leaked documents from the Russian FSB and findings from companies including Palo Alto Networks, Positive Technologies, and Taiwan’s TeamT5, the Chinese cyber campaigns have targeted critical sectors including aerospace, satellite communications, radar systems, and electronic warfare platforms. The hackers have also focused on collecting operational battlefield intelligence from Russia’s experience in Ukraine, especially data related to modern combat tactics and Western-supplied weapon systems.

Despite public affirmations of a “no limits partnership,” cyber analysts report that Chinese hacking groups such as Mustang Panda and Tonto Team have continued aggressive surveillance efforts inside Russian systems. Mustang Panda, in particular, is believed to operate under the Chinese Ministry of State Security and has significantly expanded its range of targets to include Russian government ministries and defense-linked enterprises.

One confirmed breach involved Rostec, Russia’s defense and aerospace conglomerate. Hackers reportedly extracted sensitive information related to satellite and electronic warfare technologies. Other Chinese-affiliated groups have used tailored malware, including Deed RAT, to infiltrate defense companies and aviation institutions. These tools are known to be used exclusively by Chinese state actors and are not accessible on the open black market.

In 2009 and again in 2015, Russia and China signed agreements not to conduct cyberattacks against each other. Even so, Russian cybersecurity experts have reported ongoing intrusions attributed to Chinese actors, though the Kremlin has so far refrained from making any public accusations.

A classified FSB document obtained by investigators refers to China as an “enemy” engaged in technological espionage. It also acknowledges that China views Russia as a valuable but vulnerable target, one that possesses a more mature military doctrine and the operational experience that Beijing lacks. With Taiwan remaining a central focus for Chinese military planners, intelligence gathered from Russia’s war in Ukraine may be viewed as vital preparation for potential future conflict scenarios.

This pattern of behavior points to a growing strategic asymmetry. China continues to deepen its dependence on Russian energy and trade while simultaneously extracting defense intelligence through covert means. For Russia, already isolated from the West, Beijing remains an indispensable partner, which limits Moscow's ability to respond publicly to these intrusions.

While relations between the two powers remain formally intact, the reality reflected in cyberspace suggests a partnership defined by opportunity rather than trust.

Octillion Intelligence will continue to monitor Chinese cyber activity across Eurasia and track further developments in Russian responses.

Sources:

NYTimes
IndiaTimes
NovayaGazeta
Politico
