Comparison Between the Chinese and Russian Dark Web Communities

Updated on:
Russian and Chinse flags drawn together.
A year-long study yields insights on the motives, culture, capabilities and organizational structure of Russian and Chinese darknet communities.

Citizens of both China and Russia are finding their footing on the dark web.

This is according to a new report suggesting that a good number of them are visiting sites that are only found in the darknet ecosystem.

Currently, cybercriminals based in Russia and China have caught the eyes of the public. For instance, China has become a major player in the hacking business.

They and their nearby geographical counterpart, Russia, have been linked to major attacks on foreign government institutions, large corporate firms to industrial businesses.

A report by cyberthreat intelligence firm RecordedFuture outlines the organization, capabilities and cultures of the Russian and Chinese hacking communities on the dark web.

The firm took a year-long deep dive into both Chinese and Russian community forums, analyzing posts, ads and interactions, to understand the motives and desires of members of the forums.

Your TOR usage is being watched

What the firm discovered is that Russian and Chinese dark web communities are quite different.

They uncovered a number of key distinct differences in their motives, culture, capabilities and organizational structure.

It’s a Case of Money, Patriotism and Politics

According to RecordedFuture’s research paper, the study found that members of Russian darknet forums are more interested in money.

As such, they strive to provide as much content related to this as possible. Their forums tend to focus more on generating revenue rather than offering a platform for socializing.

Interactions within the forums are compartmentalized and strictly professional, with successful business deals based on respect, trust and reputation.

Members who are consistent and reliable tend to receive good ratings while those regarded as unreliable get negative ratings or even end up banned or blacklisted.

Furthermore, the Russian forums can be attributed to the explosion of cyberattacks to western nations in the late 2000s by former individuals of the U.S.S.R. with the know-how and need of money.

Unlike the Russian communities, most of the Chinese forums are based on the culture of patriotism and a sense of online community.

Commonly termed as the “geek spirit,” members of the forums focus on creating an ideal society.

Darknet sign.
A report by cyberthreat intelligence firm RecordedFuture outlines the organization, capabilities and cultures of the Russian and Chinese hacking communities on the dark web.

Many have gone as far as requiring one to interact by sending a personal message or commenting on a post before being able to transact within the forum.

It was also discovered that in order to remain a member of a certain forum, the status depended on one’s daily interaction on the forum.

Examples of these interactions may include a thumbs-up to sellers or comments of praises on ads.

Such social interactions boost the sense of community within the forums to extents where guru hackers offer apprenticeship programs for a fee.

This is not the case in Russian forums, with the few members who offer apprenticeship doing so with a clear financial benefit.

What’s on the Menu?

Both community forums offer goods and services to regional users, but this is far more prevalent on Chinese forums.

While Russian forums have an unspoken rule that states testing of hacking tools or techniques is allowed within the country but attacks must target victims outside the Russian Federation.

When it comes to international content, both darknet forums offer a variety.

Russian fraud forums are focused on selling stolen data such as bank accounts or credit card details as well as other fraud-related services, including fake IDs.

At the same time, their hacking forums offer hacking tools, exploit kits and malware.

It was also noted that malware codes sold on Russian forums are often based on license deals, just like those of large software firms.

The reason why they are closely guarded is financial gain. Promote the purchase of additional modules for the upgrade or resell of the code, in turn generating additional revenue from a single malware.

Additionally, Russian hackers also offer bulletproof hosting services at a bargain of $100 per month with some paying referral bonuses to existing customers who send them new business.

Others also offer good customer service, such as offering refunds in a timely manner or sellers giving out holiday discounts.

The Chinese malware forums, on the other hand, have specialized in penetration testing services, DDoS tools, antivirus evasion techniques and remote access Trojans (RATs).

Darknet Forum.
Both community forums offer goods and services to regional users, but this is far more prevalent on Chinese forums.

Fraud forums on their part offer data and personal information of not only individuals from other countries, but also of Chinese nationals.

This is quite uncommon in Russian forums due to their unspoken rule.

Aside from stolen data, Chinese vendors also offer forged documents.

Fake foreign diplomas, for example, have been incredibly popular.

Other forums also offer miscellaneous content deemed illegal in China such as sexually explicit material and large knives with blades larger than 5.9 inches, some of which are legal in other countries.

Type of Forums in These Communities

Both forums are structured into three main tiers—open, semi-private and closed. Most of the open forums are largely available in the clearnet.

The semi-private communities require a registration fee or proof of membership on other boards for one to join.

For closed communities, they require one to prove their authenticity or forum members to vouch for them.

Russian forums have adopted the use of cryptocurrency, but Chinese communities rely on the traditional banking system due to the ban on cryptocurrencies by the Chinese government.

Results Point to a Larger Picture

Regardless of their differences and genesis, both communities have taken advantage of the situations in their countries.

The researchers predict with medium confidence that the Chinese government will continue their efforts in trying to control the nation’s cyberspace.

The continued restrictions on Tor and access to VPNs may push Chinese vendors to foreign darknet markets and subsequently leading to the shutdown of Chinese community forums.

For the Russian forums, they will continue eyeing money as their priority, and due to their international appeal, this would see them expand into other markets such as China—resulting in the exchange of tactics and tools.

Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.