Chinese hacking group Playful Taurus aimed cyber attacks at Iranian government platforms from July to December of 2022, according to a report published Wednesday by American cybersecurity company Palo Alto Networks.
The company’s analysis suggests that four entities of the Iranian government’s infrastructure have been compromised by what is known as an advanced persistent threat (APT), or a cyberattack campaign with the goal of mining sensitive data.
Among the group’s targets were Iran’s Foreign Ministry and Natural Resource Organization, according to the findings of Palo Alto Networks’ threat intelligence team, called Unit 42.
The Chinese group has been called by various names including APT15, Vixen Panda, Backdoor Diplomacy, KeChang and NICKEL. It has been engaged in espionage campaigns since 2010, according to Palo Alto. It has been known to target governments and other diplomatic organizations ranging from North and South America to the Middle East.
The discovery was made because the hacks used malware called Turian, which Palo Alto Networks believes is exclusive to Playful Taurus.
This advanced toolkit made the Chinese group’s hacking efforts especially powerful, according to WeLiveSecurity, an international group of about 180 cybersecurity researchers called ESET, which originated in Slovakia.
Turian is an upgrade of Quarian, the malware that was used to target the Syrian Ministry of Foreign Affairs in 2012 and the US State Department in 2013, according to ESET.
Last October, CNN reported that an elite Chinese hacking group had penetrated companies and government agencies in the United States and dozens of other countries. The report identified the campaign as the most significant cyberespionage to face the Biden administration. The Justice Department has stated that the Chinese hackers stole the intellectual property of American companies and caused major financial losses.