Chinese hackers disguised as Iran to target Israel


The only obvious counter-attack to this problem is to try to mislead investigators by going after targets that aren’t really interesting. But this causes its own problems – increasing the volume of activity greatly increases the chances of getting caught – which creates a Catch-22 dilemma for hackers.

Fingerprints left by the attackers were enough to convince Israeli and American investigators that the Chinese group, not Iran, was responsible. The same hacking group has a record of using similar deceptive tactics before. It may even have hacked the Iranian government itself in 2019, adding an extra layer of deception.

This is the first example of large-scale Chinese attacks on Israel, and it follows multibillion-dollar Chinese investments in the Israeli technology industry. These were made as part of Beijing’s Belt and Road Initiative, which is rapidly expanding Chinese influence and reach from Eurasia to the Atlantic Ocean. The US has warned against the investments on the grounds that they will pose a security threat. The Chinese Embassy in Washington DC did not immediately respond to a request for comment.

Misdirection and misrepresentation

UNC215’s attack on Israel was not particularly sophisticated or successful, but it shows how important attribution and misrepresentation can be in cyber-espionage campaigns. Not only does misdirection provide a potential scapegoat for the attack, it also provides diplomatic cover for the attackers: when faced with evidence of espionage, Chinese authorities regularly try to refute such accusations, arguing that it is difficult, and sometimes even impossible, to track down hackers.

And the attempt to mislead investigators raises an even bigger question: how often do false-flag attempts actually fool investigators and victims? Not that often, says John Hultquist of FireEye.

“It’s still pretty rare to see that,” he says. “The thing about these deception efforts is that if you take a narrow view of it, it can be very effective.”


An individual attack can be successfully misdirected, but across many attacks it becomes increasingly difficult to maintain the deception. This was the case for the Chinese hackers targeting Israel throughout 2019 and 2020.

“But once you start connecting it to other events, the deception loses its effectiveness,” explains Hultquist. “It’s very difficult to maintain deception across multiple operations.”

The best-known attempt at false attribution in cyberspace was a Russian cyberattack against the opening ceremony of the 2018 Winter Olympics in South Korea. Dubbed Olympic Destroyer, it saw the Russians try to leave clues pointing to North Korean and Chinese hackers: conflicting evidence, apparently designed to prevent investigators from coming to a clear conclusion.

“The Olympic Destroyer is a great example of false flags and the attribution nightmare,” Costin Raiu, director of Kaspersky Lab’s Global Research and Analysis Team, tweeted at the time.

In the end, researchers and governments pinned the blame for the incident on the Russian government, and last year the United States charged six Russian intelligence officers over the attack.

The North Korean hackers initially suspected in the Olympic Destroyer hack have planted false flags of their own during their operations. But they were eventually caught and identified by private-sector researchers, and the US government charged three North Korean hackers earlier this year.

“There was always a misconception that attribution was more impossible than it was,” Hultquist says. “We always thought false flags would come into the conversation and ruin our entire argument that attribution is possible. But we’re not there yet. These are still detectable attempts to break attribution. We’re still catching that. They haven’t crossed the line yet.”

