Russian tech firm attacked by Chinese state hackers in allied attack

• Chinese APT Jewelbug infiltrated a Russian IT provider, dwelling undetected for five months
• Attackers used renamed Microsoft debugger to bypass defenses and exfiltrate data via Yandex Cloud
• Symantec says China-based actors now target Russia despite perceived geopolitical alignment

Chinese hackers were recently seen targeting Russians, which raised eyebrows among the western cybersecurity community who perceive the two countries as allies in cyberspace and beyond.

Earlier this week, security outfit Symantec published a new report in which it detailed the work of Jewelbug, a Chinese state-sponsored threat actor that’s been “highly active in recent months.” In the report, Symantec said Jewelbug was seen going after targets in South America, South Asia, Taiwan and, most notably, Russia.

In early 2025, Jewelbug managed to sneak into the network of a Russian IT service provider, and remain there for no less than five months. During that time, they accessed code repositories and software ...