Divided We Hack: Exploring the Degree of Sino-Russian Coordination in Cyberspace During the Ukraine War

Francesco Ferazza, Cosimo Melella, Konstantinos Mersinas, Antonio Calcara

Research output: Contribution to conference › Paper › peer-review

Abstract

China and Russia are arguably NATO’s main strategic competitors and potential adversaries. Since 2017, Beijing and Moscow have conducted cyber-espionage operations against NATO members, and the two countries have also reportedly displayed more coordination in the cyber domain. These concerns have become more pressing since the outbreak of war in Ukraine, where multiple sources have shown alleged evidence of Chinese and Russian cyber-operations coordination. While it is commonly accepted that China and Russia coordinate at the strategic level in the cyber domain, this article aims at better understanding whether these two nation-states also have their affiliated threat groups collaborating. We investigate this, drawing on multiple open-access data and sources. Specifically, we empirically examine the activity of three Chinese groups, Mustang Panda, Scarab and Judgment Panda, to assess the presence and degree of collaboration with their Russian counterparts. Our analysis shows that, as far as the examined groups are concerned, there was no coordination between Russian and Chinese campaigns, and the latter group sometimes even targeted sensitive Russian civilian and military infrastructures. Furthermore, we observe that a possible obstacle to coordination at the operational and tactical levels is the inherently complex and secretive nature of Advanced Persistent Threat (APT) activity: proper coordination would require sharing highly sensitive and critical information among the involved parties, such as details on the infrastructures, techniques, and procedures being used.
Original language: English
Pages: 627-640
Number of pages: 14
Publication status: Published - Jul 2023
Event: 13th International Workshop on Socio-Technical Aspects in Security - Netherlands, Delft, Netherlands
Duration: 7 Jul 2023 → …

Conference

Conference: 13th International Workshop on Socio-Technical Aspects in Security
Abbreviated title: STAST2023
Country/Territory: Netherlands
City: Delft
Period: 7/07/23 → …

Keywords

  • APT
  • Cyber Threat Intelligence
  • Offensive Operations
  • Ukraine War
  • Russia
  • China
