Jewish Business News

FireEye Uncovers Chinese Spy Campaign in Israel

Cybersecurity firm Mandiant, also known as FireEye, has revealed that Chinese espionage operators have been conducting an extensive campaign against Israeli targets. The attacks were made against Israeli government institutions, IT providers, and telecommunications organizations.

Mandiant attributes this campaign to Chinese operators known as UNC215, a Chinese espionage operation that has been suspected of targeting organizations around the world since at least 2014. Mandiant asserts that UNC215 has compromised organizations in the government, technology, telecommunications, defense, finance, entertainment, and health care sectors. The group targets data and organizations which are of great interest to Beijing’s financial, diplomatic, and strategic objectives.

UNC215’s targets are located throughout the Middle East, Europe, Asia, and North America, says Mandiant.

In early 2019, Mandiant began identifying and responding to intrusions in the Middle East by Chinese espionage group UNC215. These intrusions exploited the Microsoft SharePoint vulnerability CVE-2019-0604 to install web shells and FOCUSFJORD payloads at targets in the Middle East and Central Asia.

The hackers would take control of an internal system like Windows to steal all sorts of sensitive information, such as credentials and passwords. They also ran native Windows commands on compromised servers, executing all manner of operations on the victims’ systems, and tried to scrub any evidence of their activities from the affected systems.

Mandiant explained that they worked with Israeli defense agencies to review data from additional compromises of Israeli entities. This analysis showed multiple, concurrent operations against Israeli government institutions, IT providers and telecommunications entities beginning in January 2019. During this time, UNC215 used new TTPs to hinder attribution and detection, maintain operational security, employ false flags, and leverage trusted relationships for lateral movement.

Mandiant believes this adversary is still active in the region.

In July, the White House revealed that the European Union, the United Kingdom, and NATO had joined the United States in exposing and criticizing the People’s Republic of China’s malicious cyber activities.

“Our allies and partners are a tremendous source of strength and a unique American advantage, and our collective approach to cyber threat information sharing, defense, and mitigation helps hold countries like China to account,” said the White House in a statement. It added that the announcement built “on the progress made from the President’s first foreign trip. From the G7 and EU commitments around ransomware to NATO adopting a new cyber defense policy for the first time in seven years, the President is putting forward a common cyber approach with our allies and laying down clear expectations and markers on how responsible nations behave in cyberspace.”
