Skip to main content

China hackers found to have compromised Iran entities for months

A Chinese hacking group targeted multiple Iranian government bodies in 2022 using advanced malware, according to an industry report. 
This photo taken on August 4, 2020 shows Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, using a website that monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province. (Photo by NICOLAS ASFOURI/AFP via Getty Images)

Chinese hacking group Playful Taurus aimed cyber attacks at Iranian government platforms from July to December of 2022, according to a report published Wednesday by American cybersecurity company Palo Alto Networks.

The company’s analysis suggests that four entities of the Iranian government's infrastructure have been compromised by what is known as an advanced persistent threat (APT), or cyberattack campaign with the goal to mine sensitive data.

Among the group's targets were Iran’s Foreign Ministry and Natural Resource Organization, read the findings from Palo Alto Networks' threat intelligence team called Unit 42. 

Mohamed Amine Belarbi, the CEO of Cypherleak, a cyber risk monitoring platform based in Dubai and Delaware, saw the attack as means to steal intelligence information and not necessarily to damage the Iranian infrastructure.  

“This is more of a cyber espionage type of attack, where the goal is to gather and steal data for intelligence purposes, not to cause harm to infrastructure or to cause monetary losses,” Belabri told Al-Monitor. 

“This is a blanket attack. Governments will deploy these sorts of malwares against any and all government infrastructure that they can reach for the purposes of gathering data from friends or foes,” Belarbi added. 

But the expert added that these types of attacks are normally carried out by governments. 

“Getting caught just creates some embarrassment for these governments,” he said. 

The Chinese group has been called by various names including APT15, Vixen Panda, Backdoor Diplomacy, KeChang and NICKEL. It has been engaged in espionage campaigns since 2010, according to Palo Alto Networks. It has been known to target governments and other diplomatic organizations ranging from North and South America to the Middle East.

The discovery was made thanks to the hacks using malware called Turian, which Palo Alto Networks believes is exclusive to Playful Taurus. 

This advanced toolkit made the Chinese group's hacking efforts especially powerful, according to WeLiveSecurity, an international group of about 180 cybersecurity researchers called ESET, which originated in Slovakia.

Turian is an upgrade of Quarian, the malware that was used to target the Syrian Ministry of Foreign Affairs in 2012 and the US State Department in 2013, according to ESET. 

Last October, CNN reported that an elite Chinese hacking group had penetrated companies and government agencies in the United States and dozens of other countries. The report identified the campaign as the most significant cyber espionage to face the Biden administration. The Justice Department has stated that the Chinese hackers stole the intellectual property of American companies and caused major financial losses.

China and Iran signed in 2021 a 25-year agreement that includes economic, military and security cooperation. 

Join hundreds of Middle East professionals with Al-Monitor PRO.

Business and policy professionals use PRO to monitor the regional economy and improve their reports, memos and presentations. Try it for free and cancel anytime.

Free

The Middle East's Best Newsletters

Join over 50,000 readers who access our journalists dedicated newsletters, covering the top political, security, business and tech issues across the region each week.
Delivered straight to your inbox.

Free

What's included:
Our Expertise

Free newsletters available:

  • The Takeaway & Week in Review
  • Middle East Minute (AM)
  • Daily Briefing (PM)
  • Business & Tech Briefing
  • Security Briefing
  • Gulf Briefing
  • Israel Briefing
  • Palestine Briefing
  • Turkey Briefing
  • Iraq Briefing
Expert

Premium Membership

Join the Middle East's most notable experts for premium memos, trend reports, live video Q&A, and intimate in-person events, each detailing exclusive insights on business and geopolitical trends shaping the region.

$25.00 / month
billed annually

Become Member Start with 1-week free trial

We also offer team plans. Please send an email to pro.support@al-monitor.com and we'll onboard your team.

What's included:
Our Expertise AI-driven

Memos - premium analytical writing: actionable insights on markets and geopolitics.

Live Video Q&A - Hear from our top journalists and regional experts.

Special Events - Intimate in-person events with business & political VIPs.

Trend Reports - Deep dive analysis on market updates.

All premium Industry Newsletters - Monitor the Middle East's most important industries. Prioritize your target industries for weekly review:

  • Capital Markets & Private Equity
  • Venture Capital & Startups
  • Green Energy
  • Supply Chain
  • Sustainable Development
  • Leading Edge Technology
  • Oil & Gas
  • Real Estate & Construction
  • Banking

Already a Member? Sign in

Start your PRO membership today.

Join the Middle East's top business and policy professionals to access exclusive PRO insights today.

Join Al-Monitor PRO Start with 1-week free trial