Jasmine News Network (茉莉花新闻网)

China Conducts Hacking Operations Against Russia, Seeking Military Secrets

MEGHA RAJAGOPALAN

June 20, 2025

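Russian soldiers marching in May in a parade commemorating Victory Day in the war against fascism. Hacking groups appear to have become more interested in Russian targets since Russia's 2022 invasion of Ukraine. Maxim Shemetov/Reuters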

Since the beginning of the war in Ukraine, groups linked to the Chinese government have repeatedly hacked Russian companies and government agencies in an apparent search for military secrets, according to cyberanalysts.

The intrusions started accelerating in May 2022, just months after Moscow’s full-scale invasion. And they have continued steadily, with Chinese groups worming into Russian systems even as President Vladimir V. Putin of Russia and President Xi Jinping of China publicly professed a momentous era of collaboration and friendship.

The hacking campaign shows that, despite this partnership and years of promises not to hack each other, China sees Russia as a vulnerable target. In 2023, one group, known as Sanyo, impersonated the email addresses of a major Russian engineering firm in the hunt for information on nuclear submarines, according to TeamT5, a Taiwan-based cybersecurity research firm that discovered the attack last year and linked it to the Chinese government.

China is far wealthier than Russia and has plenty of homegrown scientific and military expertise, but Chinese military experts often lament that Chinese troops lack battlefield experience. Experts say that China sees the war in Ukraine as a chance to collect information about modern warfare tactics, Western weaponry and what works against them.

“China likely seeks to gather intelligence on Russia’s activities, including on its military operation in Ukraine, defense developments and other geopolitical maneuvers,” said Che Chang, a researcher with TeamT5.

It is unclear how successful these attempts have been, partly because Russian officials have never publicly acknowledged these intrusions. But a classified counterintelligence document from Russia’s domestic security agency, known as the F.S.B., makes clear that intelligence officials are concerned. The document, obtained by The New York Times, says that China is seeking Russian defense expertise and technology and is trying to learn from Russia’s military experience in Ukraine. The document refers to China as an “enemy.”

With Mr. Putin largely cut off from the West, his country has come to rely on China to buy its oil and sell it technology that is essential to its war effort. Moscow and Beijing have formed a bloc against Washington and its allies, alarming Western leaders. The F.S.B. document presents a more complicated relationship than the “no-limits” partnership that Mr. Xi and Mr. Putin describe.

Allies have been known to spy on one another, but the extent of China’s hacking activities against Russia suggests both a higher level of mutual distrust and a reluctance by the Kremlin to share all that it is learning on the battlefield in Ukraine.

Drone warfare and software are of particular interest to China, the document says.

“The war in Ukraine fundamentally shifted intelligence priorities for both countries,” said Itay Cohen, a senior researcher with the cybersecurity firm Palo Alto Networks who has followed Chinese hacking groups for years. Experts say, and the document indicates, that China wants to learn from Russia’s war experience to bolster its own preparedness for potential future conflicts. Taiwan, in particular, is a major potential flashpoint with the West.

One Chinese government-funded group has targeted Rostec, the powerful Russian state-owned defense conglomerate, seeking information on satellite communications, radar and electronic warfare, according to Palo Alto Networks. Others have used malicious files, intended to exploit vulnerabilities in Microsoft Word, to penetrate Russian aviation industry targets and state bodies.

Messages seeking comment were left with the Kremlin and the Chinese Embassy in Moscow.

Not all Chinese hacking groups operate at the behest of the government. But security experts have seen evidence of government ties.

The Russian cybersecurity firm Positive Technologies, for example, said in 2023 that cyberattacks had been mounted on several Russian targets, including in the aerospace, private security and defense sectors. The attackers used a tool known as Deed RAT, which is widely deployed by Chinese state-sponsored hackers. Cybersecurity experts say Deed RAT is considered “proprietary” among these groups, and is not available for purchase on the dark web like other malware tools.

That has enabled state-backed hacking groups in China to use it more widely because it is tough for their adversaries to find a way to combat the malware.

Russian soldiers receiving drones in Simferopol, Crimea, in 2023. A document from Russia's domestic security agency says that China is particularly interested in drone warfare.

Chinese state-sponsored hacking groups have often targeted international companies and government institutions, including in the United States and Europe. But hacking groups appear to have become more interested in Russian targets after the country’s February 2022 invasion of Ukraine.

Mr. Chang said he and his colleagues tracked several Chinese hacking groups targeting Russia. Among them was one of the country’s most active hacking groups, known as Mustang Panda.

Little is known about Mustang Panda’s origins or where it operates inside China, according to researchers who have studied the group. Its activities often accompanied China’s Belt and Road economic development initiative, according to Rafe Pilling, director of threat intelligence at the security firm Sophos. As China invested in development projects in West Africa and Southeast Asia, he said, hacking soon followed.

That is most likely because China invests in countries where it has political and economic interests, which motivates state-sponsored hackers, Mr. Pilling said.

After Russia invaded Ukraine, TeamT5 said that Mustang Panda expanded its scope to target governmental organizations in Russia and the European Union.

Mr. Pilling, who has been monitoring Mustang Panda’s activities for several years, says he suspects that the group is backed by China’s Ministry of State Security, its main intelligence body. The ministry supports threat groups that attack targets across the world, he said. In 2022, Mustang Panda targeted Russian military officials and border guard units near the Siberian border with China.

“The targeting we’ve observed tends to be political and military intelligence gathering,” Mr. Pilling said. That is true of all Chinese hacking groups targeting Russia, he said. “I think of them as being one of the main tools that the Chinese state has for gathering political and economic intelligence.”

Mustang Panda has also attracted the attention of the American authorities. In January, the Justice Department and the F.B.I. said that Mustang Panda’s malware had infected thousands of computer systems, seeking to steal information. Many of the targets were American, but the malware was also found on computers belonging to Chinese dissidents and European and Asian governments, according to a federal indictment.

The indictment makes clear that the United States believes that Mustang Panda is a state-sponsored group.

Other Chinese groups have targeted Russia, too. Mr. Chang said his team was following another threat group, Slime19, that is continuously targeting the Russian government, energy and defense sectors.

In agreements in 2009 and 2015, China and Russia promised not to carry out cyberattacks targeting each other. But even at the time, analysts suggested that the announcement was largely symbolic.

Chinese hacking in Russia did not begin with the war in Ukraine. A 2021 cyberattack, for example, targeted Russian submarine designers. But experts say the war prompted a spike in computer intrusions.

“The activity — we saw it immediately in the months following Russia’s full-scale invasion of Ukraine,” Mr. Cohen said. “Even though the public narrative was of close ties between Russia and China.”
