When hackers broke into the computer systems of the Israeli government and Israeli technology companies in 2019 and 2020, investigators immediately searched for clues to find out who was behind the attack.
According to Wired, the initial evidence suggested that the group attacking Israel came from Iran; for example, the tools it used contained Farsi. However, after the US cybersecurity company FireEye and the Israeli military investigated, they uncovered the techniques the Chinese hackers had used to shift the blame onto Iranian hacker groups.
According to the researchers, the Chinese group used several tricks to implicate Iran, such as planting file paths containing the word "Iran". They also took care to hide their true identities and to conceal the infrastructure used to break into Israeli systems.
However, FireEye believes that the group, which it tracks as UNC215, made some important technical errors: for example, it reused files, infrastructure and tactics similar to those seen in its previous operations in the Middle East.
"UNC215 repeatedly attacks targets in the Middle East and Asia, all of which are directly related to China's political and financial interests," said John Hultquist, Vice President of Threat Intelligence at FireEye. "The goals of this group do not always coincide with the interests of Iranian hacker groups."
“You can use many tricks to deceive others, but in the end you will still have to focus on the things you care about. That will provide information about who you are,” added Hultquist.
The traces the attackers left behind were eventually enough to convince Israeli and American investigators that they were Chinese, not Iranian, hackers.
"If you look at the problem from a narrow angle, these spoofing attempts will succeed," said Hultquist.
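The attribution reasoning described above, as an added illustration that is not part of the Wired article or of FireEye's own analysis: indicators that are trivial to plant (language strings, file paths) are weighted far below indicators that are hard to fake (reused command-and-control hosts, tool builds and tactics), and any indicator that points at a cluster other than the attributed one is surfaced as a false-flag candidate. All cluster names, hosts, hashes and weights are constructed for the example and are not real data.

```python
"""Weighted actor-overlap scoring for intrusion attribution (added example).

The knowledge base, the observed intrusion and the weights below are all
constructed for illustration; none of the values are real indicators.
"""

# How hard each kind of indicator is to plant deliberately (illustrative
# weights, not from any published methodology). Language strings and file
# paths can be faked in minutes; reusing C2 infrastructure, a specific malware
# build or a characteristic TTP chain is much harder to fake convincingly.
INDICATOR_WEIGHTS = {
    "string_language": 0.5,
    "file_path": 0.5,
    "c2_host": 4.0,
    "tool_hash": 3.0,
    "ttp": 2.0,
}

# Constructed knowledge base of prior activity clusters (hypothetical values).
KNOWN_CLUSTERS = {
    "iran_cluster": {
        ("string_language", "fa"),
        ("file_path", "iran"),
        ("c2_host", "203.0.113.10"),
        ("tool_hash", "aaaa1111"),
        ("ttp", "T1566.001"),
    },
    "unc215_like": {
        ("string_language", "zh"),
        ("c2_host", "198.51.100.7"),
        ("tool_hash", "bbbb2222"),
        ("ttp", "T1003.001"),
        ("ttp", "T1021.002"),
    },
}

# Constructed artifacts from the observed intrusion: Farsi strings and an
# "Iran" path were planted, but the C2 host, tooling and TTPs overlap with
# the other cluster's prior operations.
OBSERVED = [
    ("string_language", "fa"),
    ("file_path", "c:\\users\\iran\\build\\loader.dll"),
    ("c2_host", "198.51.100.7"),
    ("tool_hash", "bbbb2222"),
    ("ttp", "T1003.001"),
    ("ttp", "T1021.002"),
]


def normalise(kind, value):
    """Reduce a raw artifact to the form stored in the knowledge base."""
    if kind == "file_path":
        # Paths are matched on a contained keyword rather than the full string.
        return "iran" if "iran" in value.lower() else value.lower()
    return value


def score_clusters(observed, clusters, weights, kinds=None):
    """Weighted overlap of observed indicators with each known cluster.

    If `kinds` is given, only those indicator kinds are considered, which
    models the "narrow angle" of looking only at the surface artifacts.
    """
    obs = {(k, normalise(k, v)) for k, v in observed
           if kinds is None or k in kinds}
    return {name: sum(weights[k] for k, _ in obs & indicators)
            for name, indicators in clusters.items()}


def attribute(observed, clusters, weights, kinds=None):
    """Return (best-matching cluster, per-cluster scores)."""
    scores = score_clusters(observed, clusters, weights, kinds)
    return max(scores, key=scores.get), scores


def conflicting_indicators(observed, clusters, attributed):
    """Indicators that overlap with a cluster other than the attributed one.

    These are the false-flag candidates an analyst should examine by hand.
    """
    obs = {(k, normalise(k, v)) for k, v in observed}
    hits = []
    for name, indicators in clusters.items():
        if name != attributed:
            hits.extend(sorted(obs & indicators))
    return hits


if __name__ == "__main__":
    narrow, _ = attribute(OBSERVED, KNOWN_CLUSTERS, INDICATOR_WEIGHTS,
                          kinds={"string_language", "file_path"})
    full, scores = attribute(OBSERVED, KNOWN_CLUSTERS, INDICATOR_WEIGHTS)
    print("surface artifacts only:", narrow)
    print("all indicators, weighted:", full, scores)
    print("false-flag candidates:",
          conflicting_indicators(OBSERVED, KNOWN_CLUSTERS, full))
```

Looking only at strings and paths attributes the intrusion to the constructed Iranian cluster; scoring every indicator by how hard it is to fake attributes it to the other cluster, and the two planted artifacts come back as the conflicts to investigate. The weights are the analyst's judgement, not a measurement, so the value of the approach is in making that judgement explicit rather than in the numbers themselves.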
This is the first example of a large-scale Chinese attack against Israel, and it follows billions of dollars of Chinese investment in Israel's technology industry, made as part of Beijing's Belt and Road Initiative, an economic strategy to rapidly expand China's influence.
The US had previously warned against those investments, saying they posed a security threat.
When faced with evidence of espionage, Chinese officials frequently argue that hackers are difficult or even impossible to trace. A spokesman for the Chinese Embassy in Washington DC said the country “resolutely opposes and opposes all forms of cyberattacks”.