Chinese Hackers Carried Out Coordinated Cyberattacks in Israel, Report Says

Brittany Jordan

A group of Chinese hackers carried out coordinated cyberattacks on Israel that affected dozens of Israeli government and private organizations, according to a report from U.S. security company FireEye released Tuesday.

Israeli government institutions, IT providers and telecommunications firms were targeted by the group in a widespread espionage campaign that began in January 2019, the California-based cybersecurity firm said in its report, noting that the hackers carried out data harvesting and reconnaissance.

FireEye, which worked alongside Israeli defence agencies in probing the cyberattacks, noted that it did not have sufficient evidence to link the Chinese espionage group, called UNC215, to the Chinese communist regime. It added, however, that the group targets data and organizations which are of “great interest to Beijing’s financial, diplomatic, and strategic objectives.”

UNC215 is a Chinese espionage operation that has been suspected of targeting organizations around the world since at least 2014, the report states.

In early 2019, the group exploited a Microsoft SharePoint vulnerability and used custom malware tools called FOCUSFJORD and HYPERBRO. The hackers then stole users’ credentials and conducted internal network reconnaissance.

The group took steps to deliberately mislead researchers, and attempted to hide their nationality. They tried to do this by using methods such as planting Farsi in the parts of code which could be recovered by incident response teams, and using malware tools linked to Iranian groups that had previously been leaked online, FireEye said.

“The use of Farsi strings, filepaths containing /Iran/, and web shells publicly associated with Iranian APT [Advanced Persistent Threat] groups may have been intended to mislead analysts and suggest an attribution to Iran,” the company’s report said.

Jens Monrad, who leads the work of FireEye’s threat intelligence division Mandiant in EMEA, told Sky News that the group’s attempt to mask their nationality was “a little bit unusual.”

“We have seen historically a few false flag attempts. We saw one during the Olympics in South Korea,” he explained. “There might be several reasons why a threat actor wants to do a false flag—obviously it makes the analysis a bit more complex.”

The report noted that the targeted attacks came against the backdrop of China’s multi-billion-dollar investments related to the Belt and Road Initiative (BRI) and its interest in Israel’s robust technology sector.

BRI is the Chinese regime’s multi-trillion-dollar infrastructure scheme launched in 2013 to expand its trade and political influence throughout Asia, Africa, and Europe. Critics have argued that BRI has put developing countries into “debt traps.”

“China has conducted numerous intrusion campaigns along the BRI route to monitor potential obstructions [including] political, economic, and security,” FireEye said.

The company said that it expects Beijing will “continue targeting governments and organizations involved in these critical infrastructure projects.”

Sanaz Yashar, who headed FireEye’s research into Israeli targets, told Haaretz that many Israeli companies are involved in the fields that are at the core of Chinese interests, as reflected in their five-year plans.

“Their goal isn’t necessarily always to steal intellectual property; it’s possible that they’re actually looking for business information,” said Yashar. “In the Chinese view, it’s legitimate to attack a company while negotiating with it, so they will know how to price the deal properly.”

The report comes just weeks after President Joe Biden signed a memorandum that seeks to bolster the United States’ critical infrastructure against cyberattacks.

The president warned on July 27 that if the United States ended up in a “real shooting war” with a “major power,” it could come in response to a significant cyber attack.

Cybersecurity has become a key priority for the Biden administration following a string of high-profile attacks in recent months, including those on network management company SolarWinds, the Colonial Pipeline company, meat processing firm JBS, and software company Kaseya.

Isabel van Brugen


Copyright © 2021 Federal Inquirer. All rights reserved.