Eastern European cybercriminals said to trump Asian counterparts in sophistication

East European hackers use more technologically advanced malware and detection evasion techniques compared to East Asian hackers

Despite an increasing number of successful cyberattacks launched by East Asian hackers against companies and government institutions around the world in recent years, Eastern European cybercriminals remain a more sophisticated threat to the global Internet, security researchers say.

"While East Asian hackers dominate cybersecurity-related headlines around the world with high-profile intrusions and advanced persistent threats (APTs), it would be a mistake to conclude that these attackers are the sole or greatest criminal threat to the global Internet today," Tom Kellermann, vice president of cybersecurity at antivirus vendor Trend Micro, said in a report entitled "Peter the Great Versus Sun Tzu."

"After conducting extensive research into the nature of the East Asian and East European underground, Trend Micro has concluded that hackers from the former Soviet Bloc are a more sophisticated and clandestine threat than their more well-known East Asian counterparts," said Kellermann, who until recently served as a commissioner on the Commission on Cyber Security for the 44th U.S. Presidency.

East Europeans are "master craftsmen" when it comes to malware development, Kellermann contends. "East European malware are so elegantly crafted, they have been dubbed the 'Faberge Eggs' of the malware world," he said.

East Asian hackers will use zero-day exploits -- exploits targeting previously unknown vulnerabilities -- and spear phishing in order to compromise a target's computer system, but then will rely on basic malware and third-party tools to maintain and expand their access on a target's network.

In contrast, East European hackers use exploits created by others for initial penetration, but their malware programs are customized specifically for their goals and have all of the needed functionality built in.

Malware programs produced in Eastern Europe tend to be small in size and use advanced detection evasion techniques, Kellermann said.

Kellermann attributes the advanced malware writing skills of Eastern European hackers to a long history of high-quality science and math education in the region. He also credits the discipline of making every line of code count that stems from the fact that computer scientists from the former Soviet Bloc had to make do with less sophisticated computing resources.

"As an East European vendor of anti-malware technologies, we also believe that the European malware underground is more technical and has more tradition than the Asian hacking scene," Bogdan Botezatu, senior e-threat analyst at Romanian antivirus vendor BitDefender, said Thursday via email.

"In the early days of the post-communist era, East Europeans (especially Bulgarians and Russians) have focused their attention on infecting capitalist countries as a response to the state of their economy," Botezatu said. "Aided by a solid background in mathematics and cryptography, the East Europeans have quickly become the undisputed champions in a, back then, means of political protest and retaliation."

"In more than 20 years of activity, these groups have shifted their focus from political protest to writing commercial malware and their experience with malware, packing and cryptography have made a huge difference," the BitDefender researcher said.

Another reason why Eastern European hackers present a more sophisticated threat than their East Asian counterparts is their method of operation, which Kellermann compared to that of independent mercenary commando units that thrive based on their accomplishments.

Eastern European hackers operate in small teams, are precise and focused in their attacks and go to great lengths to protect their identities because their reputation is key to their success.

"The East European underground is a tightly knit community of fellow mercenary commandos who routinely buy and sell data to one another," Kellermann said. "If your reliability is called into question, your ability to profit or even survive is harmed, possibly to the point of extinction."

East Asian hackers, on the other hand, are "cyber foot-soldiers" who don't seem to care very much about whether they're detected or identified, Kellermann said.

He thinks this is because they operate as part of larger groups that are funded by certain organizations, usually to steal trade secrets or other sensitive data from corporations and government agencies.

If one East Asian hacker is exposed, he doesn't lose his ability to make money and can simply go back to work. In a sense, group funding means better financial stability for East Asian hackers.

Meanwhile, East European hackers need to steal data they can immediately sell or exploit for a profit, like financial credentials, credit card details or personal information.

This is why the Eastern European cybercriminal underground has developed cybermoney-laundering systems that use customer vetting and alternative payment channels, Kellermann said.

"It's a nice idea, but perhaps a little oversimplified," David Harley, a senior research fellow at Slovakia-based antivirus vendor ESET, said Thursday via email. Harley believes that being identified can actually serve as an ego boost for some East Asian hackers.

"Even back in the early noughties when attackers from China were just beginning to attract our attention, they were not particularly careful about covering their tracks (except from their targets, of course)," Harley said. "For instance, we knew quite a lot about Wicked Rose [the leader of a well known Chinese hacker group] and his compatriots that went quite a long way beyond the technicalities of the 0-days they were using, such as their reputed links with the Chinese military."

"They seem to have had a romantic, even idealistic view of their activities, and that seems to persist with later players," Harley said. "Eastern European players aren't there for the glory, and it's likely that they feel they have more to lose if they get caught."

"In sum, one could say that East Europe is a high-end market while East Asia is a mass market when it comes to hacking," Kellermann said. "In general, East Asian hackers do not have the same level of maturity in terms of skill as their East European counterparts."


Lucian Constantin

IDG News Service