Why did threat actor UNC215 start to write in Farsi? Security researchers Stav Shulman (Mandiant) knows the answer. In her “How do you say ‘Chinese Supply Chain Attack’ in Farsi” talk, she observes a new targeted campaign against multiple Israeli targets in the government, hi-tech and IT sectors. One of the interesting features of this campaign was the presence of false flags – in the malware code there were comments written in Farsi.