Cybersecurity company FireEye on Tuesday announced it has detected a massive cyberattack from China targeting companies in Iran, Saudi Arabia, and especially Israel.
The hackers sought to obtain proprietary technology and sensitive business information that would give Chinese state companies a competitive advantage.
FireEye designated the Chinese espionage group “UNC215” and said its techniques are similar to those of APT27, a threat nicknamed “Emissary Panda” that operates from the People’s Republic of China and most recently attempted to steal large sums of money by attacking videogame companies with ransomware.
FireEye speculated the original APT27 group might have disbanded and passed some of its tools along to other groups, but did not have “sufficient evidence” to establish a linkage with high confidence.
UNC215’s campaign in the Middle East and Central Asia began in 2019, taking advantage of a vulnerability in Microsoft’s SharePoint software to crack targeted systems, inject spyware, and harvest electronic credentials that could be employed to access valuable restricted data.
One of UNC215’s capers allegedly involved using stolen credentials from “trusted third parties” to break into an Israeli government network in 2019. The group, FireEye reported, was very careful to cover its tracks, occasionally loading its malware code with bits of foreign language or using hacker tools strongly associated with other countries to conceal its Chinese identity and throw investigators off its trail. In three instances discovered by FireEye, UNC215 made a concerted effort to pretend it was Iranian.
“This cyber espionage activity is happening against the backdrop of China’s multi-billion-dollar investments related to the Belt and Road Initiative (BRI) and its interest in Israel’s robust technology sector,” FireEye noted.
The Chinese Embassy to Israel dismissed FireEye’s report as “baseless accusations” and “defamation for political purposes.”
The embassy claimed China is a “staunch upholder of cybersecurity” and a “major victim of cyberattacks” itself.
“We hope Israeli friends and media outlets can make a clear distinction between right and wrong and refrain from providing platforms for rumors,” the Chinese embassy said.