Chinese hackers are driven by patriotism, while Russians are driven by greed

Russian hacker forums cater to business transactions while Chinese hacktivism is rooted in allegiance to country, according to a new report from Recorded Future, a threat intelligence firm.

China’s first hacker groups popped up in the late 1990s, triggered by anti-Chinese riots in Indonesia, the report said. Originally nationalistic discussion boards, they eventually evolved into the initial wave of Chinese hacking groups: the Green Army, China Eagle Union, and Hongke (or Honker) Union, Recorded Future added.

“These groups all contributed to early internet defacements, DDoS (Distributed Denial of Service) attacks, and credential thefts targeting the U.S. and other Chinese adversaries,” the report said.


One of the most notorious attacks happened in May of 2001 when the Chinese DDoS'ed the White House website and the websites of U.S. businesses in the wake of the collision between a U.S. spy plane and a Chinese fighter jet off of Hainan Island, according to the report.

“While all three of these original groups have either shut themselves down, splintered, or faded away, this initial wave of cyber patriotism enabled a robust government-hacker relationship in China,” Recorded Future said.

“Many famous old-school hackers now run large cybersecurity and technology firms in China’s flourishing cybersecurity market while maintaining excellent business relationships with the Chinese government,” the report added.

Russians embrace “Thief Spirit”

On the other hand, Russian hacker forums are all business.

Successful hackers who make a killing rise to the top and gain the trust and respect of hacker communities, according to the report. “There are no apprentices in this corner of the dark web, and few Russian forum members are willing to teach anyone anything without clear financial benefit,” the report stated

And like any successful business, those that thrive offer the best tools and customer service.

“Carders who deal in bulk and provide good customer service, such as refunding declined credit cards in a timely manner, are preferred and rewarded with loyal buyers for as long as the supply lasts,” the report said, referring to criminals who traffic in stolen credit cards.


Russians engage in patriotic attacks too.

Some of the more prominent attacks were “vigilante” cyberattacks against Estonia and Georgia for various political reasons, according to a study by Arbor Networks cited in the report. The study found that during the brief Russo-Georgian war, a DDoS attack was launched as Russian tanks entered Georgian territory.