Russian cybercrime and hacking forums, until now a relatively restricted domain, are opening their doors to Chinese- and English-speaking threat actors.
Researchers at threat intelligence firm Flashpoint have observed a spike in activity of Chinese origin and by Mandarin-speaking hackers on RAMP, a Russian-language ransomware forum, and on other illegal communities on the Dark Web.
Russians Allowing Foreign Actors to Use their Ransomware Platforms
The Flashpoint report revealed that Russians are opening their doors to Chinese- and English-speaking threat actors, in what had so far been a relatively restricted domain.
“In October, Ramp administrators made changes to the forum’s interface that make it more accessible to Chinese-speaking and English-speaking threat actors,” Flashpoint’s report noted.
The researchers added that Russian cybercrime and hacking forums are now available in English and Mandarin in addition to Russian. They also noted that forum admins now address members in English more frequently than before.
Moreover, English-language content and comments are becoming more common, particularly among Russian-speaking actors. So far, researchers have identified thirty Chinese users on the forum.
A Looming Threat?
Flashpoint researchers suspect that this warming of relations could be part of a social engineering experiment to manipulate the media and a cover-up attempt to seek an international alliance and distribute Groove ransomware.
“In late October 2021, the Groove ransomware gang called on other ransomware operators to jointly attack US entities; once this generated media attention, the operator of Groove’s public blog claimed that it was a media hack. It is certainly possible that Ramp’s overture to Chinese-speaking threat actors is part of a similar strategy,” researchers wrote.
For instance, a user replied to a Chinese-language ad requesting ransomware operation partners on the XSS site. Another Russian XSS member welcomed two Chinese forum members with an auto-translated message in Mandarin.
Cybersecurity researchers deem it a suspicious development, as threat actors are generally willing to share their TTPs (tactics, techniques, and procedures) in their respective economies.