Chinese Hackers Flooding Foreign Forums as China Clamps Down on Tor


Underground hacker forums in China and Russia are as different as each country's regular shopping bazaars, according to research from Recorded Future.

Both Russian and Chinese forums host a wide variety of international content. Russian forums rarely if ever feature data dumps from Russian firms. By contrast, data dumps and malware sourced from Chinese firms are usually only found on Chinese forums.

Chinese speakers are internationalists that are often active in Chinese, English and Russian forums. Perhaps unsurprisingly, because of the difficulties in learning the Chinese language, few if any native Russian or English speakers use Chinese forums.


Access to hacker forums within China is getting steadily more difficult because of sustained efforts to restrict Tor and VPN services. This is pushing Chinese hackers towards foreign forums, Recorded Future said. The result of this migration is that data and malware once unique to Chinese forums is more readily available internationally.

Recorded Future's research is based on a comparative analysis of underground markets and forums tailored to Russian and Chinese audiences over the past year. The researchers uncovered differences in the content hosted, as well as forum organisation and conduct.

Russian hacker forums tend to be more geared towards sales of illicit goods whereas their Chinese counterparts place more of an emphasis on building a community. By contrast, there's little room for socialising on Russian-language forums.

Hacker bazaars in both China and Russia sell goods and services for regional users, although this is far more prevalent on Chinese forums.

Hacktivism began in China following politically sensitive international events, and this kind of activity has continued even after the collapse of the original patriotic hacking groups.

Comments