The Russian Ministry of Defense in Moscow. Sergey Ponomarev for The New York Times

TEL AVIV — The emails landed on March 23 in the inboxes of scientists and engineers at several of Russia’s military research and development institutes, purportedly sent by Russia’s Ministry of Health. They carried a subject line that offered seemingly tantalizing information about a “list of persons under U.S. sanctions for invading Ukraine.”

But the emails were actually sent by state-sponsored hackers in China seeking to entice their Russian targets to download and open a document with malware, according to a new report to be released Thursday by the Israeli-American cybersecurity firm Check Point.

The report provides new evidence of Chinese efforts to spy on Russia, pointing to the complexity of the relations between two countries that have drawn closer in solidarity against the United States. It also underscores the sprawling, and increasingly sophisticated, tactics China’s cyberspies have used to collect information on an ever-expanding array of targets, including countries it considers friends, like Russia.

Despite the growing global outrage over Russia’s war in Ukraine, China has refused to criticize Moscow and has echoed Russian propaganda to depict the United States and NATO as aggressors in the conflict. But Check Point’s research showed that despite the countries’ deepening ties, China appeared to view Russia as a legitimate target for the theft of sensitive military technological information.

The Chinese campaign targeted Russian institutes that research airborne satellite communications, radar and electronic warfare, Check Point said in its report. The institutes belong to Rostec Corporation, the Russian military conglomerate that is one of the largest and most powerful entities in Russia’s defense establishment.

The headquarters of Rostec Corporation in Moscow in 2020. Natalia Kolesnikova/Agence France-Presse — Getty Images

The Chinese espionage operation began as early as July 2021, before Russia invaded Ukraine, the Check Point report said. The March emails revealed that China’s hackers had quickly exploited narratives about the war in Ukraine for their purposes.

“This is a very sophisticated attack,” said Itay Cohen, the head of cyber research at Check Point, adding that it demonstrated capabilities “usually reserved for state-backed intelligence services.” The hackers used methods and codes similar to those used in previous attacks attributed to hacking groups affiliated with the Chinese state, he said.

For example, by referring to the American sanctions on Russian officials over the war in Ukraine, the attacks used “smart social engineering” that exploited a sensitive topic to try to induce their targets, including skilled defense officials, to open the email, Mr. Cohen said. The hackers also used advanced tactics that better concealed their intrusions in the computers that were attacked, Mr. Cohen said.

Under China’s authoritarian leader, Xi Jinping, Beijing has refined its approach to cyberspying, transforming over the past decade into a far more sophisticated actor. China’s premier spy agency, borrowing a page from Russia, has recruited beyond its ranks, pulling from the country’s growing pool of tech workers. The strategy has made its attacks more scattershot and unpredictable, but analysts say it has also helped strengthen the country’s efforts, enabling spies to run stealthy attacks that target intellectual property as well as political and military intelligence around the world.

Mr. Xi has made improving China’s scientific and technical capabilities a priority in the coming years, with ambitions of becoming a global leader in high-tech fields such as robotics, medical equipment and aviation. The campaign targeting Russian defense research institutes “might serve as more evidence of the use of espionage in a systematic and long-term effort to achieve Chinese strategic objectives in technological superiority and military power,” Check Point’s report said.

More recently, hackers based in China, like their counterparts elsewhere, have taken advantage of the war in Ukraine to break into the computer systems of organizations across Europe. Hackers have preyed upon heightened anxiety about the invasion, tricking their victims into downloading documents that falsely claim to contain information about the war or pose as aid organizations raising money for charity.

Many of the attacks originating from China appear to be focused on gathering information and intellectual property, rather than on causing chaos or disruption that could sway the conflict in favor of Ukraine or Russia, security researchers said.

In late March, Chinese hackers began going after Ukrainian organizations, according to security researchers and an announcement from Ukraine’s cybersecurity agency. A hacking team known as Scarab sent a document to Ukrainian organizations that offered instructions on how to film evidence of Russian war crimes but also contained malware that could extract information from infected computer systems, researchers at the security firm SentinelOne said.

Also in March, another hacking team affiliated with China, which security researchers have called Mustang Panda, created documents that purported to be European Union reports on conditions at the borders of Ukraine and Belarus, and emailed them to potential targets in Europe. But the documents contained malware, and victims who were tricked into opening them inadvertently allowed the hackers to infiltrate their networks, researchers at Google and the security firm Cisco Talos said.

The Mustang Panda hacking group had previously attacked organizations in India, Taiwan and Myanmar, but when the war started, it turned its focus to the European Union and Russia. In March, the hackers also pursued agencies in Russia, emailing them a document that appeared to contain information about the placement of border guards in Russia, Cisco Talos researchers said.

“One thing remains consistent across all these campaigns — Mustang Panda is clearly looking to conduct espionage campaigns,” Cisco Talos researchers said in a report this month about that group’s activity.

In this latest report on Chinese hacking efforts, the firm Check Point said it was calling the group behind the recently identified campaign Twisted Panda “to reflect the sophistication of the tools observed and the attribution to China.”

President Vladimir V. Putin meeting with Sergey Chemezov, the chief executive of Rostec, at the Kremlin in May. Mikhail Klimentyev/Sputnik, via Agence France-Presse — Getty Images

The Rostec institutes that have been attacked are mainly engaged in the development of airborne radar, and in the development of devices that can, among other things, disrupt the radar and identification systems used by an enemy.

Rostec Corporation was founded by President Vladimir V. Putin of Russia in 2007 and has become one of the nation’s largest military corporations, controlling hundreds of research and manufacturing facilities for high-end defense technology, electronic warfare tools and aircraft engines.

Shortly after the Russian invasion of Ukraine in 2014, Rostec was blacklisted by the United States and its chief executive, Sergey Chemezov, was sanctioned by the European Union. Immediately after the Russian invasion of Ukraine this year, the United States imposed additional sanctions on companies and entities associated with Rostec.

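Paul Mozur contributed reporting.

Ronen Bergman is a writer for The New York Times Magazine, based in Tel Aviv. His latest book, “Rise and Kill First: The Secret History of Israel’s Targeted Assassinations,” is published by Random House.

Kate Conger is a technology reporter in the San Francisco bureau, covering the gig economy and social media. Follow her on Twitter: @kateconger

Translation: The New York Times Chinese website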