Chinese cyber spies ‘posed as Iranians while targeting Israeli government’ | Science & Tech News

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

A cyber espionage group from China masqueraded as Iranian hackers while breaking into and spying on Israeli government institutions, according to a new report by security researchers.

The report from security company FireEye, which unmasked the group alongside Israeli defence agencies, says there is insufficient evidence to link the espionage group to the Chinese state.

However, the company’s threat analysts are confident that the espionage group is Chinese and that its targets “are of great interest to Beijing’s financial, diplomatic, and strategic objectives”.

The hackers’ attempt to conceal their nationality was “a little bit unusual”, according to Jens Monrad, who heads the work of FireEye’s threat intelligence and incident response division Mandiant in EMEA.

“We have seen historically a few false flag attempts. We saw one during the Olympics in South Korea,” he told Sky News, referencing Russian hackers pretending to be Chinese and North Korean.

“There might be several reasons why a threat actor wants to do a false flag – obviously it makes the analysis a bit more complex,” Mr Monrad told Sky News.

The report focused on cyber spying targeting Israeli government institutions, IT providers, and telecommunications entities, but the group had additionally attempted to hack computer networks in the UAE and elsewhere.

Mr Monrad said the attempt to conceal the hackers’ identity “wasn’t very clever” but did slow the company’s analysis of these incidents, which he added may have been the goal.

The Chinese group attempted to use Farsi in the parts of code which could be recovered by incident response teams, and also used hacking tools associated with Iranian groups that had previously been leaked online.

However, linguistic analysts at FireEye said the terms chosen by the group wouldn’t have been used by native Farsi speakers.

“The use of Farsi strings, filepaths containing /Iran/, and web shells publicly associated with Iranian APT [Advanced Persistent Threat] groups may have been intended to mislead analysts and suggest an attribution to Iran,” the report said.

FireEye said that although this group and the known…