Security News > 2021 > August > Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel
A Chinese cyber espionage group has been linked to a string of intrusion activities targeting Israeli government institutions, IT providers, and telecommunications companies at least since 2019.
FireEye's Mandiant threat intelligence arm attributed the campaign to an operator it tracks as "UNC215", a Chinese espionage operation that's believed to have singled out organizations around the world dating back as far as 2014, linking the group with "Low confidence" to an advanced persistent threat widely known as APT27, Emissary Panda, or Iron Tiger.
"UNC215 has compromised organizations in the government, technology, telecommunications, defense, finance, entertainment, and health care sectors," FireEye's Israel and U.S. threat intel teams said in a report published today.
"The group targets data and organizations which are of great interest to Beijing's financial, diplomatic, and strategic objectives," the findings reflecting a relentless appetite for defense-related secrets among hacking groups.
Early attacks perpetrated by the collective is said to have exploited a Microsoft SharePoint vulnerability as a stepping stone toward infiltrating government and academic networks to deploy web shells and FOCUSFJORD payloads at targets in the Middle East and Central Asia.
"China has conducted numerous intrusion campaigns along the BRI route to monitor potential obstructions-political, economic, and security-and we anticipate that UNC215 will continue targeting governments and organizations involved in these critical infrastructure projects in Israel and the broader Middle East in the near- and mid-term," the teams added.
News URL
Related news
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack (source)
- A “cascade” of errors let Chinese hackers into US government inboxes (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (source)
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)
- Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (source)