Overview

• Since May 2022, Chinese state-affiliated groups have repeatedly breached Russian government agencies and defense-related companies to gather classified military intelligence.
• A classified FSB counterintelligence report labels China an "enemy" and warns Beijing’s cyber intrusions aim to harvest insights from Russia’s operation in Ukraine.
• Cybersecurity researchers have attributed attacks to Mustang Panda, Sanyo, and other state-backed groups using bespoke tools like Deed RAT to evade detection.
• In January, the U.S. Justice Department indicted Mustang Panda operatives for infecting thousands of global systems, targeting American organizations, Chinese dissidents, and foreign governments.
• The ongoing espionage reveals deep mutual suspicion in the declared 'no-limits' partnership and highlights China’s push to modernize its military with foreign combat experience.