The only obvious solution to this problem is to try to keep investigators away from the real clues by also going after targets that are not actually of interest. But that creates its own problem: increasing the amount of activity greatly increases the chance of being caught, which leaves hackers in a catch-22.
The fingerprints the attackers left behind were enough to finally convince investigators in Israel and the United States that the Chinese group, not Iran, was responsible. There is precedent: the same hacking group has used similar deception tactics before. In fact, it may even have hacked the Iranian government in 2019, adding another layer to the deception.
This is the first example of large-scale Chinese hacking of Israel, and it follows closely on billions of dollars of Chinese investment flowing into the Israeli technology industry. That investment is part of Beijing's "One Belt One Road" initiative, an economic strategy aimed at promoting economic development and rapidly expanding China's influence across Eurasia all the way to the Atlantic Ocean. The United States has warned against the investments on the grounds that they pose a security threat. The Chinese Embassy in Washington did not immediately respond to a request for comment.
Misdirection and misattribution
The UNC215 attack on Israel was not particularly sophisticated or successful, but it shows the importance of attribution and misattribution in cyber espionage. Misattribution not only provides a potential scapegoat for an attack, it also provides diplomatic cover for the attackers: when confronted with evidence of espionage, Chinese officials often try to undermine the allegations by arguing that tracking hackers is difficult or sometimes impossible.
Attempts to mislead investigators raise a larger question: how often are false flags used to try to fool investigators and victims? Hultquist said this is not common.
"It is still quite rare to see this," he said. "The thing about these deceptions is that if you observe the event through a narrow aperture, they can be very effective."
A single attack may be successfully pinned on the wrong actor, but over the course of multiple attacks it becomes increasingly difficult to maintain the disguise. That was the case with the Chinese hackers who targeted Israel throughout 2019 and 2020.
“But once you start linking it to other events, this deception loses its effectiveness,” Hultquist explained. “It’s hard to keep cheating in multiple operations.”
The most famous attempt at misattribution in cyberspace is the Russian cyberattack on the opening ceremony of the 2018 Winter Olympics in South Korea. In the attack, dubbed Olympic Destroyer, the Russians tried to leave clues pointing to North Korean and Chinese hackers; the conflicting evidence seemed designed to prevent investigators from drawing any clear conclusion.
"Olympic Destroyer is an amazing example of false flags and an attribution nightmare," Costin Raiu, head of Kaspersky Lab's Global Research and Analysis Team, tweeted at the time.
In the end, researchers and governments did blame the Russian government for the incident. Last year, the United States charged six Russian intelligence officers for taking part in the attack.
The North Korean hackers who were initially suspected of being behind Olympic Destroyer have dropped false flags of their own during their own operations. But they too were eventually identified by private-sector researchers and the U.S. government, which charged three North Korean hackers earlier this year.
"There has always been a misunderstanding that attribution is more impossible than it actually is," Hultquist said. "We have always thought that false flags would enter the conversation and undermine our entire argument that attribution is possible. But we have not gotten there yet. These are still detectable attempts to undermine attribution. We are still catching this. They still haven't crossed over."