The only obvious solution to this problem is to try to keep investigators away from the real clues by also going after targets that are not actually of interest. But that creates its own problem: more activity means far more opportunities to be caught, which leaves the hackers in a Catch-22.

The fingerprints the attackers left behind were enough to finally convince investigators in Israel and the United States that a Chinese group, not Iran, was responsible. There is precedent: the same hacking group has used similar deception tactics before. In fact, it may even have broken into the Iranian government in 2019, adding an extra layer of deception.

This is the first example of a large-scale Chinese hacking campaign against Israel, and it follows closely on billions of dollars of Chinese investment flowing into the Israeli technology industry. Those investments are part of Beijing’s “One Belt One Road” initiative, an economic strategy aimed at rapidly expanding China’s influence across Eurasia to reach the Atlantic Ocean. The U.S. has warned against the investments on the grounds that they pose a security threat. The Chinese Embassy in Washington did not immediately respond to a request for comment.

Misdirection and misattribution

The UNC215 attack on Israel was not particularly sophisticated or successful, but it shows the importance of attribution and misattribution in cyber espionage. A false flag not only provides a potential scapegoat for an attack but also gives the attackers diplomatic cover: when confronted with evidence of espionage, Chinese officials often try to undermine the allegations by arguing that tracking hackers is difficult or sometimes impossible.

Attempts to mislead investigators raise a bigger question: how often do false flags actually try to fool investigators and victims? Hultquist said it is not common.

“It’s still quite rare to see this,” he said. “The thing about these deceptions is that if you observe the event through a narrow aperture, it can be very effective.”

“It is very difficult to make the deception continue to operate multiple times.”

John Hultquist, FireEye

A single attack may be successfully misattributed, but over the course of multiple attacks it becomes increasingly difficult to maintain the disguise. That was the case with the Chinese hackers who targeted Israel throughout 2019 and 2020.

“But once you start linking it to other events, the deception loses its effectiveness,” Hultquist explained. “It’s hard to keep the deception going across multiple operations.”

The most famous attempt at misattribution in cyberspace is the Russian cyberattack on the opening ceremony of the 2018 Winter Olympics in South Korea. Dubbed Olympic Destroyer, the attack saw the Russians try to leave clues pointing to North Korean and Chinese hackers; the conflicting evidence seemed designed to prevent investigators from drawing any clear conclusions.

“Olympic Destroyer is an amazing example of false flagging and an attribution nightmare,” Costin Raiu, head of Kaspersky Lab’s Global Research and Analysis Team, tweeted at the time.

In the end, researchers and governments did blame the Russian government for the incident. Last year, the United States charged six Russian intelligence officers for their role in the attack.

The North Korean hackers who were initially suspected of being behind Olympic Destroyer have dropped false flags of their own during their own operations. But they were eventually discovered and identified by private-sector researchers and the U.S. government, which charged three North Korean hackers earlier this year.

Hultquist said: “There has always been a misunderstanding that attribution is more impossible than it actually is. We have always believed that false flags would enter the conversation and undermine our entire argument that attribution is possible. But we are not there yet. These are still detectable attempts to undermine attribution. We are still catching them. They have not crossed the line yet.”
