19 November 2021

Russian-speaking cybercrime forum opens doors to Chinese hackers



It seems that the Russian-language cybercrime world, which has previously been fairly closed to foreign threat actors, is warming up to Chinese and English-speaking hackers. The attempts at collaboration were spotted mainly on the RAMP hacking forum, which is encouraging Mandarin-speaking actors to participate in conversations, share tips, and collaborate on attacks.

According to researchers at Flashpoint, high-ranking users and RAMP administrators are now actively attempting to reach out to new forum members in machine-translated Chinese.

In October, RAMP administrators made changes to the forum’s interface to make it more accessible to Chinese-speaking and English-speaking threat actors, with forum sections in Russian, English, and Mandarin.

“The main administrator is addressing members in English more often than before; and there is noticeably more English content and comments—and even coming from some Russian-speaking actors. Furthermore, the RAMP authorization form (for account verification) now includes a domain for a Chinese forum among the others,” Flashpoint said.

According to the forum’s admins, RAMP received nearly thirty new user registrations from China. However, apart from the Chinese-language forum headings, there is no notable presence from Chinese-language threat actors. Admins promised to add content for Chinese users soon, Flashpoint notes.

In addition, the RAMP forum no longer requires proof of membership on Exploit and XSS (two other top-tier Russian-language hacker forums) to approve registration.

“While it is possible that Russian-speaking ransomware operators may be seeking alliances outside of Russia—cooperative cybersecurity talks with the U.S. are currently underway—it remains unclear whether RAMP efforts to woo Chinese-speaking threat actors are in fact legitimate or simply a smokescreen,” the researchers said.

“In late October 2021, the “Groove” ransomware gang called on other ransomware operators to jointly attack US entities; once this generated media attention, the operator of Groove’s public blog claimed that it was a media hack. It is certainly possible that RAMP’s overture to Chinese-speaking threat actors is part of a similar strategy.”

