London Daily

Focus on the big picture.
Thursday, Jul 10, 2025

Chinese cyber spies 'posed as Iranians while targeting Israeli government'

Chinese cyber spies 'posed as Iranians while targeting Israeli government'

According to threat intelligence researchers, the hackers attempts to conceal their origin was more likely an effort to slow down response efforts than actually frame Iran.

A cyber espionage group from China masqueraded as Iranian hackers while breaking into and spying on Israeli government institutions, according to a new report by security researchers.

The report from security company FireEye, which unmasked the group alongside Israeli defence agencies, says there is insufficient evidence to link the espionage group to the Chinese state.

However, the company's threat analysts are confident that the espionage group is Chinese and that its targets "are of great interest to Beijing's financial, diplomatic, and strategic objectives".

The hackers' attempt to conceal their nationality was "a little bit unusual", according to Jens Monrad, who heads the work of FireEye's threat intelligence division Mandiant in EMEA.

"We have seen historically a few false flag attempts. We saw one during the Olympics in South Korea," he told Sky News, referencing Russian hackers pretending to be Chinese and North Korean.

"There might be several reasons why a threat actor wants to do a false flag - obviously it makes the analysis a bit more complex," Mr Monrad told Sky News.

The report focused on cyber spying targeting Israeli government institutions, IT providers, and telecommunications entities, but the group had additionally attempted to hack computer networks in the UAE and elsewhere.

Mr Monrad said the attempt to conceal the hackers' identity "wasn't very clever" but did slow the company's analysis of these incidents, which he added may have been the goal.

The Chinese group attempted to use Farsi in the parts of code which could be recovered by incident response teams, and also used hacking tools associated with Iranian groups that had previously been leaked online.

However, linguistic analysts at FireEye said the terms chosen by the group wouldn't have been used by native Farsi speakers.

"The use of Farsi strings, filepaths containing /Iran/, and web shells publicly associated with Iranian APT [Advanced Persistent Threat] groups may have been intended to mislead analysts and suggest an attribution to Iran," the report said.

FireEye said that although this group and the known state-sponsored group designated APT 27 had some overlaps, particularly in their targets, the company could only have low confidence in linking them together.

The Iranian government accused APT 27 of hacking into its networks in 2019.

Though the report was published this week, the hacking activities precede a warning in July from President Joe Biden about the growing likelihood of the US ending up in "a real shooting war with a major power" as a result of a cyber attack.

Speaking to Sky News previously - following then British defence secretary Gavin Williamson claiming that Moscow could cause "thousands and thousands and thousands" of deaths in the UK with a cyber attack - Mr Monrad cautioned that military responses to such an attack would requite a "very high certainty of attribution".

The new group, designated UNC 215 - meaning it is unclassified as either a state-sponsored group or one operating independently - also used the Hindi language and Arabic when targeting Uzbekistan.

FireEye's report stated: "This cyber espionage activity is happening against the backdrop of China's multi-billion-dollar investments related to the Belt and Road Initiative (BRI) and its interest in Israel's robust technology sector.

"China has conducted numerous intrusion campaigns along the BRI route to monitor potential obstructions [including] political, economic, and security," the company said, adding that it anticipates China will "continue targeting governments and organisations involved in these critical infrastructure projects".

The report follows the UK and allies accusing China of "systematic cyber sabotage" following an espionage operation earlier this year which also allowed criminals, potentially including those which Beijing used as contractors, to access the affected servers.

At the time, Chinese foreign ministry spokesman Zhao Lijian said: "The US ganged up with its allies and launched an unwarranted accusation against China on cybersecurity. It is purely a smear and suppression out of political motives. China will never accept this."

Newsletter

Related Articles

0:00
0:00
Close
Severe Heatwave Claims 2,300 Lives Across Europe
NVIDIA Achieves Historic Milestone as First Company Valued at $4 Trillion
Declining Beer Consumption Signals Cultural Shift in Germany
Linda Yaccarino Steps Down as CEO of X After Two Years
US Imposes New Tariffs on Brazilian Exports Amid Political Tensions
Azerbaijan and Armenia are on the brink of a historic peace deal.
Emails Leaked: How Passenger Luggage Became a Side Income for Airport Workers
Polish MEP: “Dear Leftists - China is laughing at you, Russia is laughing, India is laughing”
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Weinstein Victim’s Lawyer Says MeToo Movement Still Strong
U.S. Enacts Sweeping Tax and Spending Legislation Amid Trade Policy Shifts
Football Mourns as Diogo Jota and Brother André Silva Laid to Rest in Portugal
Labour Expected to Withdraw Support for Special Needs Funding Model
Leaked Audio Reveals Tory Aide Defending DEI Record
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
London Stock Exchange Faces Historic Low in Initial Public Offerings
A new online platform has emerged in the United Kingdom, specifically targeting Muslim men seeking virgin brides
Trump Celebrates Independence Day with B-2 Flyover and Signs Controversial Legislation
Boris Johnson Urges Conservatives to Ignore Farage
SNP Ordered to Update Single-Sex Space Guidance Within Days
Starmer Set to Reject Calls for Wealth Taxes
Stolen Century-Old Rolls-Royce Recovered After Hotel Theft
Macron Presses Starmer to Recognise Palestinian State
Labour Delayed Palestine Action Ban Over Riot Concerns
Swinney’s Tax Comments ‘Offensive to Scots’, Say Tories
High Street Retailers to Enforce Bans on Serial Shoplifters
Music Banned by Henry VIII to Be Performed After 500 Years
Steve Coogan Says Working Class Is Being ‘Ethnically Cleansed’
Home Office Admits Uncertainty Over Visa Overstayer Numbers
JD Vance Questions Mandelson Over Reform Party’s Rising Popularity
Macron to Receive Windsor Carriage Ride in Royal Gesture
Labour Accused of ‘Hammering’ Scots During First Year in Power
BBC Head of Music Stood Down Amid Bob Vylan Controversy
Corbyn Eyes Hard-Left Challenge to Starmer’s Leadership
London Tube Trains Suspended After Major Fire Erupts Nearby
Richard Kemp: I Felt Safer in Israel Under Attack Than in the UK
Cyclist Says Police Cited Human Rights Act for Riding No-Handed
China’s Central Bank Consults European Peers on Low-Rate Strategies
AI Raises Alarms Over Long-Term Job Security
Saudi Arabia Maintains Ties with Iran Despite Israel Conflict
Musk Battles to Protect Tesla Amid Trump Policy Threats
Air France-KLM Acquires Majority Stake in Scandinavian Airlines
UK Educators Sound Alarm on Declining Child Literacy
Shein Fined €40 Million in France Over Misleading Discounts
Brazil’s Lula Visits Kirchner During Argentina House Arrest
Trump Scores Legislative Win as House Passes Tax Reform Bill
Keir Starmer Faces Criticism After Rocky First Year in Power
DJI Launches Heavy-Duty Coaxial Quadcopter with 80 kg Lift Capacity
U.S. Senate Approves Major Legislation Dubbed the 'Big Beautiful Bill'
Largest Healthcare Fraud Takedown in U.S. History Announced by DOJ
×