Beautiful Virgin Islands

Tuesday, Jun 24, 2025

Chinese cyber spies 'posed as Iranians while targeting Israeli government'

Chinese cyber spies 'posed as Iranians while targeting Israeli government'

According to threat intelligence researchers, the hackers attempts to conceal their origin was more likely an effort to slow down response efforts than actually frame Iran.

A cyber espionage group from China masqueraded as Iranian hackers while breaking into and spying on Israeli government institutions, according to a new report by security researchers.

The report from security company FireEye, which unmasked the group alongside Israeli defence agencies, says there is insufficient evidence to link the espionage group to the Chinese state.

However, the company's threat analysts are confident that the espionage group is Chinese and that its targets "are of great interest to Beijing's financial, diplomatic, and strategic objectives".

The hackers' attempt to conceal their nationality was "a little bit unusual", according to Jens Monrad, who heads the work of FireEye's threat intelligence division Mandiant in EMEA.

"We have seen historically a few false flag attempts. We saw one during the Olympics in South Korea," he told Sky News, referencing Russian hackers pretending to be Chinese and North Korean.

"There might be several reasons why a threat actor wants to do a false flag - obviously it makes the analysis a bit more complex," Mr Monrad told Sky News.

The report focused on cyber spying targeting Israeli government institutions, IT providers, and telecommunications entities, but the group had additionally attempted to hack computer networks in the UAE and elsewhere.

Mr Monrad said the attempt to conceal the hackers' identity "wasn't very clever" but did slow the company's analysis of these incidents, which he added may have been the goal.

The Chinese group attempted to use Farsi in the parts of code which could be recovered by incident response teams, and also used hacking tools associated with Iranian groups that had previously been leaked online.

However, linguistic analysts at FireEye said the terms chosen by the group wouldn't have been used by native Farsi speakers.

"The use of Farsi strings, filepaths containing /Iran/, and web shells publicly associated with Iranian APT [Advanced Persistent Threat] groups may have been intended to mislead analysts and suggest an attribution to Iran," the report said.

FireEye said that although this group and the known state-sponsored group designated APT 27 had some overlaps, particularly in their targets, the company could only have low confidence in linking them together.

The Iranian government accused APT 27 of hacking into its networks in 2019.

Though the report was published this week, the hacking activities precede a warning in July from President Joe Biden about the growing likelihood of the US ending up in "a real shooting war with a major power" as a result of a cyber attack.

Speaking to Sky News previously - following then British defence secretary Gavin Williamson claiming that Moscow could cause "thousands and thousands and thousands" of deaths in the UK with a cyber attack - Mr Monrad cautioned that military responses to such an attack would requite a "very high certainty of attribution".

The new group, designated UNC 215 - meaning it is unclassified as either a state-sponsored group or one operating independently - also used the Hindi language and Arabic when targeting Uzbekistan.

FireEye's report stated: "This cyber espionage activity is happening against the backdrop of China's multi-billion-dollar investments related to the Belt and Road Initiative (BRI) and its interest in Israel's robust technology sector.

"China has conducted numerous intrusion campaigns along the BRI route to monitor potential obstructions [including] political, economic, and security," the company said, adding that it anticipates China will "continue targeting governments and organisations involved in these critical infrastructure projects".

The report follows the UK and allies accusing China of "systematic cyber sabotage" following an espionage operation earlier this year which also allowed criminals, potentially including those which Beijing used as contractors, to access the affected servers.

At the time, Chinese foreign ministry spokesman Zhao Lijian said: "The US ganged up with its allies and launched an unwarranted accusation against China on cybersecurity. It is purely a smear and suppression out of political motives. China will never accept this."

Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
Germany and Italy Under Pressure to Repatriate $245bn of Gold from US Vaults
Airlines Evaluate Flight Cancellations Amid Escalating US-Iran Tensions
Starmer Invites Innovators to Join Government Talent Scheme
UK Economy’s Strong Opening Quarter Shows Signs of Cooling
Harrods Seeks Court Order to Secure Al Fayed Estate for Victims
BA and Singapore Airlines Cancel Dubai Flights Amid Middle East Tensions
Trump Faces Backlash from MAGA Base Over Iran Strikes
Meta Bets $14 B on Alexandr Wang to Drive AI Ambitions
WATCH: Israeli forces show the aftermath of a massive airstrike at Iran's Isfahan nuclear site
FedEx Founder Fred Smith, ‘Heart and Soul’ of the Company, Dies at 80
Chinese Factories Shift Away from U.S. Amid Trump‑Era Tariffs
Pimco Seizes Opportunity in Japan’s Dislocated Bond Market
Labubu Doll Drives Pop Mart to Status as China’s Most Valuable Toy Maker
Global Coal Demand Defies Paris Accord Goals
We have new information and breaking details to share about what is shaping up to be a historic air campaign tonight
Six Massive Bombs Dropped on Fordow; Trump: 'A Historic Moment for the U.S., Israel, and the World'
Fordow: Deeply Buried Iranian Enrichment Site in U.S.–Israel Crosshairs
United States Conducts Precision Strikes on Iran’s Nuclear Sites
US strikes Iran nuclear sites, Trump says
Pakistan to nominate Trump for Nobel Peace Prize.
BBC Demands Perplexity AI Immediately Stop Using Its Content
Telegram Founder: I Will Leave My Fortune to Over 100 of My Children
Political Turmoil Resurfaces in Belgium Amid Economic Concerns
Fed policymakers divided on timing of interest rate cuts
Trump signals imminent agreement with Harvard University
Inheritance tax referendum alarms Swiss billionaire community
Japan cancels bilateral security meeting amid US defence demands
AI skeptic Emily Bender warns that ‘the emperor has no clothes’
Israel Confirms Assassination of Quds Force Commander in Tehran
16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach
Senate hearing on who was 'really running' Biden White House kicks off
Iranian Military Officers Reportedly Seek Contact with Reza Pahlavi, Signal Intent to Defect
FBI and Senate Investigate Allegations of Chinese Plot to Influence the 2020 Election in Biden’s Favor Using Fake U.S. Driver’s Licenses
Vietnam Emerges as Luxury Yacht Destination for Ultra‑Rich
Plans to Sell Dutch Embassy in Bangkok Face Local Opposition
China's Iranian Oil Imports Face Disruption Amid Escalating Middle East Tensions
Trump's $5 Million 'Trump Card' Visa Program Draws Nearly 70,000 Applicants
DGCA Finds No Major Safety Concerns in Air India's Boeing 787 Fleet
Airlines Reroute Flights Amid Expanding Middle East Conflict Zones
Elon Musk's xAI Seeks $9.3 Billion in Funding Amid AI Expansion
Trump Demands Iran's Unconditional Surrender Amid Escalating Conflict
Israeli Airstrike Targets Iranian State TV in Central Tehran
President Trump is leaving the G7 summit early and has ordered the National Security Council to the Situation Room
Taiwan Imposes Export Ban on Chips to Huawei and SMIC
Israel has just announced plans to strike Tehran again, and in response, Trump has urged people to evacuate
Netanyahu Signals Potential Regime Change in Iran
Juncker Criticizes EU Inaction on Trump Tariffs
EU Proposes Ban on New Russian Gas Contracts
Analysts Warn Iran May Resort to Unconventional Warfare
Iranian Regime Faces Existential Threat Amid Conflict
×