Chinese hacking group Playful Taurus aimed cyber attacks at Iranian government platforms from July to December of 2022, according to a report published Wednesday by American cybersecurity company Palo Alto Networks.
The company’s analysis suggests that four entities of the Iranian government's infrastructure were compromised by what is known as an advanced persistent threat (APT), a sustained cyberattack campaign aimed at harvesting sensitive data.
Among the group's targets were Iran’s Foreign Ministry and Natural Resource Organization, read the findings from Palo Alto Networks' threat intelligence team called Unit 42.
Mohamed Amine Belarbi, the CEO of Cypherleak, a cyber risk monitoring platform based in Dubai and Delaware, saw the attack as a means to steal intelligence rather than to damage Iranian infrastructure.
“This is more of a cyber espionage type of attack, where the goal is to gather and steal data for intelligence purposes, not to cause harm to infrastructure or to cause monetary losses,” Belarbi told Al-Monitor.
Given the nature of the attack, he argued, it was likely carried out by a government entity seeking to collect information while remaining anonymous, with no particular target in mind.
“This is a blanket attack. Governments will deploy these sorts of malware against any and all government infrastructure that they can reach for the purposes of gathering data from friends or foes,” Belarbi added.
The expert added that attacks of this type are normally carried out by governments.
“Getting caught just creates some embarrassment for these governments,” he said.
The Chinese group is also known by various names, including APT15, Vixen Panda, Backdoor Diplomacy, KeChang and NICKEL. It has been engaged in espionage campaigns since 2010, according to Palo Alto Networks, and is known to target governments and other diplomatic organizations from North and South America to the Middle East.
The campaign was discovered because the intrusions used malware called Turian, which Palo Alto Networks believes is exclusive to Playful Taurus.
This advanced toolkit made the Chinese group's hacking efforts especially powerful, according to WeLiveSecurity, the research blog of ESET, a cybersecurity company that originated in Slovakia and has an international group of about 180 researchers.
Turian is an upgrade of Quarian, the malware that was used to target the Syrian Ministry of Foreign Affairs in 2012 and the US State Department in 2013, according to ESET.
Last October, CNN reported that an elite Chinese hacking group had penetrated companies and government agencies in the United States and dozens of other countries. The report described the campaign as the most significant cyber espionage operation to face the Biden administration. The Justice Department has stated that the Chinese hackers stole the intellectual property of American companies and caused major financial losses.
In 2021, China and Iran signed a 25-year agreement that includes economic, military and security cooperation.