Security News > 2021 > August > Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel
A Chinese cyber espionage group has been linked to a string of intrusion activities targeting Israeli government institutions, IT providers, and telecommunications companies at least since 2019.
FireEye's Mandiant threat intelligence arm attributed the campaign to an operator it tracks as "UNC215", a Chinese espionage operation that's believed to have singled out organizations around the world dating back as far as 2014, linking the group with "Low confidence" to an advanced persistent threat widely known as APT27, Emissary Panda, or Iron Tiger.
"UNC215 has compromised organizations in the government, technology, telecommunications, defense, finance, entertainment, and health care sectors," FireEye's Israel and U.S. threat intel teams said in a report published today.
"The group targets data and organizations which are of great interest to Beijing's financial, diplomatic, and strategic objectives," the findings reflecting a relentless appetite for defense-related secrets among hacking groups.
Early attacks perpetrated by the collective is said to have exploited a Microsoft SharePoint vulnerability as a stepping stone toward infiltrating government and academic networks to deploy web shells and FOCUSFJORD payloads at targets in the Middle East and Central Asia.
"China has conducted numerous intrusion campaigns along the BRI route to monitor potential obstructions-political, economic, and security-and we anticipate that UNC215 will continue targeting governments and organizations involved in these critical infrastructure projects in Israel and the broader Middle East in the near- and mid-term," the teams added.
News URL
Related news
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)
- Hackers deploy AI-written malware in targeted attacks (source)
- Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption (source)
- Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)