Chinese hackers found to have been compromising Iranian entities for months


The Chinese hacking group Playful Taurus targeted Iranian government platforms from July to December 2022, according to a report published Wednesday by US cybersecurity firm Palo Alto Networks.

The company’s analysis suggests that four entities within the Iranian government’s infrastructure were compromised by what is known as an advanced persistent threat (APT), a sustained, targeted intrusion campaign aimed at extracting sensitive data.

The group’s targets included the Iranian Foreign Ministry and the Natural Resource Organization, according to findings from Unit 42, Palo Alto Networks’ threat intelligence team.

Mohamed Amine Belarbi, the CEO of Cypherleak, a cyber risk monitoring platform based in Dubai and Delaware, saw the attack as a means of stealing intelligence and not necessarily damaging Iran’s infrastructure.


“This is more of a cyber espionage type attack, where the goal is to collect and steal data for intelligence purposes, not to damage infrastructure or cause monetary losses,” Belarbi told Al-Monitor.

“This is a general attack. Governments will deploy this type of malware against any government infrastructure they can reach to collect data from friends or foes,” Belarbi added.

But the expert added that these types of attacks are normally carried out by governments.


“Getting caught only creates some embarrassment for these governments,” he said.

The Chinese group has been referred to by several names, including APT15, Vixen Panda, Backdoor Diplomacy, KeChang, and NICKEL. It has been involved in espionage campaigns since 2010, according to Palo Alto Networks. It has been known to target governments and other diplomatic organizations ranging from the Americas to the Middle East.

The campaign was identified because the intrusions used malware called Turian, which Palo Alto Networks says is exclusive to Playful Taurus.

This advanced toolkit made the Chinese group’s hacking efforts particularly effective, according to WeLiveSecurity, the research publication of ESET, a Slovakia-founded cybersecurity company with an international team of about 180 researchers.


Turian is an upgrade of Quarian, the malware used to attack the Syrian State Department in 2012 and the US State Department in 2013, according to ESET.

Last October, UKTN reported that an elite Chinese hacking group had penetrated businesses and government agencies in the United States and dozens of other countries. The report identified the campaign as the most significant cyberespionage the Biden administration has faced. The Justice Department has stated that the Chinese hackers stole the intellectual property of US companies and caused huge financial losses.

China and Iran signed a 25-year agreement in 2021 that includes economic, military and security cooperation.

