
Chinese hackers disguised themselves as Iran to attack Israel


The only obvious move against this problem is to try to get researchers off the trail by pursuing goals that aren’t really of interest. But that creates its own problems – increasing the volume of activity dramatically increases the chances of being caught – which poses a Catch-22 dilemma to hackers.

The fingerprints left by the attackers were enough to eventually convince Israeli and American investigators that the Chinese team, not Iran, was responsible. The same hacking team has previous form, having used similar deceptive tactics before. In fact, the Iranian government itself may have been hacked in 2019, adding an extra layer to the deception.

This is the first example of a large-scale Chinese hack against Israel, and it comes alongside a billion-dollar set of Chinese investments in the Israeli technology industry. They were made as part of Beijing's Belt and Road Initiative, an economic strategy to spread Chinese influence rapidly across Eurasia, reaching clear to the Atlantic Ocean. The United States warned against the investments, believing that they would be a security threat. The Chinese Embassy in Washington DC did not immediately respond to a request for comment.

Misdirection and misattribution

UNC215’s attack on Israel may not have been particularly sophisticated or successful, but it does show the importance that attribution, and misattribution, can have in cyberespionage campaigns. Not only does it provide a potential scapegoat for the attack, but it also provides diplomatic cover for attackers: when faced with evidence of espionage, Chinese officials regularly try to weaken those allegations by arguing that tracking hackers is difficult or sometimes impossible.

And the attempt to mislead investigators raises an even bigger question: how often do false flag attempts mislead investigators and victims? Not often, Hultquist says.

“It’s still pretty weird to see that,” he says. “It’s about these deceptive efforts. If you look at the event from a narrow opening, it can be very effective.”

“It’s very difficult to keep the deception in multiple operations.”

John Hultquist, FireEye

An individual attack can be misattributed, but over many attacks it becomes increasingly difficult to maintain the deception. That is the case for the Chinese hackers who targeted Israel in 2019 and 2020.

“But by starting to link it to other events, the fraud loses its effectiveness,” Hultquist explained. “It’s very difficult to keep the deception in multiple operations.”

The best-known attempt at misattribution in cyberspace was a Russian cyberattack against the opening ceremony of the 2018 Winter Olympics in South Korea. In the attack, dubbed Olympic Destroyer, the Russians tried to leave traces pointing to North Korean and Chinese hackers so that the seemingly contradictory evidence could never lead to clear conclusions.

“The Olympic Destroyer is an amazing example of false flags and the alleged nightmare,” Costin Raiu, director of the Kaspersky Lab’s World Research and Analysis Group, tweeted at the time.

In the end, the investigators and the government finally blamed the Russian government, and last year the United States prosecuted six Russian intelligence officials for the attack.

The North Korean hackers who were initially suspected of the Olympic Destroyer hack have themselves used false flags during their operations. But in the end, they too were caught and identified by private sector researchers, and the U.S. government prosecuted three North Korean hackers earlier this year.

“There’s always been a misperception that attribution is impossible,” Hultquist says. “We always thought that false flags would come into the conversation and that it would be possible to accuse them of ruining our whole argument. But we are not there yet. Attempts can still be detected to stop the impeachment. We are still trapped. They have not yet crossed the line.”


