Russian-speaking cybercrime forum opens doors to Chinese hackers

  • Thread starter Security feed from CyberSecurity Help


It seems that the Russian-language cybercrime world, which has previously been fairly closed to foreign threat actors, is warming up to Chinese and English-speaking hackers. The attempts at collaboration were spotted mainly on the RAMP hacking forum, which is encouraging Mandarin-speaking actors to participate in conversations, share tips, and collaborate on attacks.

According to researchers at Flashpoint, high-ranking users and RAMP administrators are now actively attempting to reach out to new forum members in machine-translated Chinese.

In October, RAMP administrators made changes to the forum’s interface to make it more accessible to Chinese-speaking and English-speaking threat actors, with forum sections in Russian, English, and Mandarin.

“The main administrator is addressing members in English more often than before; and there is noticeably more English content and comments—and even coming from some Russian-speaking actors. Furthermore, the RAMP authorization form (for account verification) now includes a domain for a Chinese forum among the others,” Flashpoint said.

According to the forum’s admins, RAMP received nearly thirty new user registrations from China. However, apart from the Chinese-language forum headings, there is no notable presence from Chinese-language threat actors. Admins promised to add content for Chinese users soon, Flashpoint notes.

In addition, the RAMP forum no longer requires proof of membership on Exploit and XSS (two other top-tier Russian-language hacker forums) to approve registration.

“While it is possible that Russian-speaking ransomware operators may be seeking alliances outside of Russia—cooperative cybersecurity talks with the U.S. are currently underway—it remains unclear whether RAMP efforts to woo Chinese-speaking threat actors are in fact legitimate or simply a smokescreen,” the researchers said.

“In late October 2021, the “Groove” ransomware gang called on other ransomware operators to jointly attack US entities; once this generated media attention, the operator of Groove’s public blog claimed that it was a media hack. It is certainly possible that RAMP’s overture to Chinese-speaking threat actors is part of a similar strategy.”
