Chinese hackers reportedly posed as Iranians to target Israel – may still be active in the region

A group of Chinese cyber spies reportedly posed as Iranians while attempting to hack into sensitive Israeli government and telecommunication networks during a two-year campaign, the American security company FireEye revealed in a report on Tuesday. 

According to FireEye, the Chinese hackers used a tool associated with Iranian hackers and even embedded parts of their malicious code in Farsi, the main language of Iran. The group also attacked targets in Iran, the United Arab Emirates and Kazakhstan.

John Hultquist, vice president of threat intelligence at FireEye, believes that targeting sensitive organizations in Israel has been “consistent with previous Chinese government activity” in numerous countries. 

Hultquist also addressed the Chinese intruders’ false-flag attempt to pose as Iranians. 

“It’s a good reminder there may come a day when these things fool us. We have to be careful not to be myopic and focus on the incidents that are just happening in our backyard, because we miss opportunities to see the use of new tactics,” Hultquist said. 

Needless to say, it is not a coincidence that the Chinese hackers chose Iran for their false-flag targeting of Israeli cyber infrastructure. As bitter regional foes, Iran and Israel have repeatedly accused each other of cyberattacks on their respective critical infrastructure. The Jewish state is believed to have launched several cyberattacks against Iran’s illegal nuclear weapons program. 

The aggressive hacking campaign against the Jewish state appears to be part of a wider Chinese cyber spying strategy that targeted a number of other countries in the Middle East including Saudi Arabia and Iran. The purpose of the Chinese hacking campaign is to gain long-term technology and business competition advantages, according to FireEye. 

The security company believes that China does not take sides in the Middle East and therefore targets the regional rivals – Iran and Israel – while simultaneously doing business with both Tehran and Jerusalem. In other words, the Chinese who have been extensively engaged in global cyber espionage for years, apparently do not consider hacking a hostile act but a tool to illegally gain commercial and technological advantages. 

As America increasingly disengages from the Middle East, the power vacuum is filled by rival powers such as China and Russia. 

In March, China’s Foreign Minister Wang Yi toured the Middle East and visited several key countries such as Iran, Saudi Arabia, Turkey and the UAE. During the visit, China and Iran signed a 25-year cooperation agreement where the China agreed to invest $400 billion into the struggling Iranian economy. 

While the Chinese foreign minister did not visit Israel during his latest Middle East tour, bilateral trade between China and Israel has increased dramatically in recent years and totaled more than $13 billion annually in 2017. In addition, China has invested massively into strategic Israeli infrastructure projects such as a new port in the Israeli city Haifa and Tel Aviv’s new light-rail project.

In July, several governments in Europe and Asia, as well as the United States, announced that their countries had been targeted by similar massive Chinese cyberattacks.

Liu Pengyu, the spokesperson for the Chinese Embassy in Washington, responded to the FireEye report by claiming that the “U.S. is the world’s largest source of cyberattacks and attacks targeting China.”

Liu also warned against accusing China of cyberattacks without solid evidence. 

“Given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, it’s important to have enough evidence when investigating and identifying cyber-related incidents,” Liu said.