It appears that the Russians are trying to enlist Chinese threat actors, mainly seen on the RAMP hacking forum, which is encouraging Mandarin-speaking actors to participate in conversations, share tips, and collaborate on attacks.
The forum has reportedly had at least thirty new user registrations that appear to come from China, so this could be the beginning of something notable.
The researchers suggest that the most probable cause is that Russian ransomware gangs seek to build alliances with Chinese actors to launch cyber-attacks against US targets, trade vulnerabilities, or even recruit new talent for their Ransomware-as-a-Service (RaaS) operations.
The initiative was started by a RAMP admin known as Kajit, who claims to have recently spent some time in China and can speak the language. In the prior version of RAMP, he had intimated that he would be inviting Chinese threat actors to the forum, which appears to now be taking place.
Russian hackers attempting to collaborate with Chinese threat actors is not limited to the RAMP hacking forum as Flashpoint has also seen similar collaboration on the XSS hacking forum.
RAMP was set up last summer by a core member of the original Babuk ransomware gang, aiming to serve as a new place to leak valuable data stolen from cyberattacks and recruit ransomware affiliates.