A Chinese hacking group has carried out a cyber espionage campaign against Israeli entities. According to US-based cybersecurity firm FireEye (update March 2022: original article removed by source), the campaign targeted government bodies, IT providers, and telecom firms. The group stole large amounts of user information and conducted internal network reconnaissance.
Strategic Interest in the Middle East
FireEye says that the group, known as UNC215, has carried out multiple concurrent attacks since January 2019. The firm did not report direct involvement of the Chinese government. However, it said that the group targets data and organisations that “are of great interest to Beijing’s financial, diplomatic, and strategic objectives.”
During the same campaign, the group attacked targets in Iran, the UAE, and Kazakhstan. It may have sought to attribute the campaign to Iran.
According to FireEye’s report, this act of cyber-espionage will prove favorable for China’s “multi-billion-dollar investments” in the Belt and Road Initiative (BRI). Additionally, it highlights the Chinese Government’s interest in Israel’s rapidly growing technology sector.
UNC215 is suspected to have been active since at least 2014, and has targeted entities across the Middle East, Europe and North America.
UNC215 Attempted to Hide its Tracks
The group carried out its intrusions by exploiting a vulnerability in Microsoft SharePoint. It used custom malware tools called FOCUSFJORD and HYPERBRO for the attacks. FOCUSFJORD was used in the initial stages of the intrusion, and HYPERBRO malware was used to collect information.
Additionally, UNC215 deployed a custom tool that’s been associated with Iranian actors in the past. Based on this, FireEye suspects that UNC215 intended to direct suspicion for the attack towards Iran.
FireEye believes that UNC215 is still active in the region. Consequently, it stated that it had worked with Israeli defence agencies to review data on the attacks.
Increasing Cyber Espionage Attacks by Chinese Groups
This report is the latest in a growing line of global allegations against China. A few weeks ago, Chinese hacking groups allegedly compromised five global telecommunications companies and engaged in cyber espionage.
In July, the U.S., U.K., and their allies formally accused the Chinese Government of a role in the Microsoft Exchange hack. This attack targeted organizations, businesses, and governments in several countries.
US officials have warned Israel about Chinese involvement in its technology sector. Israel has tried to maintain friendly relations and economic ties with both countries. As a result, it finds itself caught in China and the United States’ battle for global influence.
FireEye stated that it expects the hacking group to continue its operations and target key players in the infrastructure initiative in Israel and the Middle East.