Chinese cyber spies use Iranian mask to carry out cyber espionage against Israel
It is now an established fact that Iran and Israel are superpower nations in the field of cyber warfare and are always engaged in covert cyber operations. But a new underlying trend suggests that their position could be misused by non-regional state actors.
According to recently released reports, a Chinese espionage group disguised as Iranian hackers took advantage of the regional dynamics to spy on government institutions in Israel.
According to FireEye security researchers, the alleged Chinese intruders used a hacking tool previously associated with Iranian operatives, and embedded Farsi, the predominant language in Iran, in some of their malicious code. It was part of a broader campaign to gather intelligence at organisations in other Middle Eastern and Central Asian countries.
The findings have revealed how spies have planted digital evidence in an effort to throw off investigators in the high-stakes world of espionage. The revelations come amid a period of heightened scrutiny of Chinese cyber activity across the world. The US and its European allies in July condemned China’s alleged exploitation of Microsoft software and said that it enabled ransomware attacks. This attack was a part of China’s strategy to establish its dominance in the Middle East.
Since China understands the geopolitical tension between the Middle Eastern blocs for and against Iran, it has over time taken advantage of the situation to use Iran’s methodologies of attack and achieve its own objectives without compromising its cover.
This incident highlights the vulnerability of Middle Eastern states that are still in the process of developing their cyber capabilities. Other than Iran and Israel, almost all the Middle Eastern countries take foreign assistance for both offensive and defensive cyber operations.
For instance, both the UAE and Saudi Arabia have taken help from Israel’s NSO Group and Germany’s Gamma International to develop spyware against their rivals. Similarly, Qatar took help from the US consulting firm Global Risk Advisors (GRA) to hack the emails of a Republican fundraiser, Elliott Broidy.
The governments of Syria and Turkey have used deep packet inspection (DPI) solutions to redirect users to download spyware, allowing authorities to monitor and redirect internet traffic.
Similarly, an Italian company called Area SpA assisted Syrian authorities in following citizens’ movements in real time through the installation of monitoring centres. All of the above instances clearly show that the geopolitical and cyber vulnerability of the region is becoming extremely dangerous for the Middle Eastern states. Threat actors like China are constantly looking to capitalise on the regional tensions to carry out their covert cyber operations.