International cybersecurity company FireEye claimed that it had detected a coordinated cyberattack that hit dozens of Israeli government and private organizations.
The attack allegedly originated in China.
This report rides the wave of the July 19th announcements by governments in North America, Europe, and Asia and intragovernmental organizations, such as the North Atlantic Treaty Organization (NATO), and the European Union, condemning widespread cyber espionage conducted on behalf of the Chinese Government.
“These coordinated statements attributing sustained cyber espionage activities to the Chinese Government corroborate our long-standing reporting on Chinese threat actor targeting of private companies, governments, and various organizations around the world, and this blog post shows yet another region where Chinese cyber espionage is active.”
“The activity detailed in this post demonstrates China’s consistent strategic interest in the Middle East. This cyber espionage activity is happening against the backdrop of China’s multi-billion-dollar investments related to the Belt and Road Initiative (BRI) and its interest in Israel’s robust technology sector,” FireEye reported.
Additionally:
- Chinese companies have invested billions of dollars into Israeli technology startups, partnering with or acquiring companies in strategic industries like semiconductors and artificial intelligence.
- As China’s BRI moves westward, its most important construction projects in Israel are the railway between Eilat and Ashdod, a private port at Ashdod, and the port of Haifa.
According to the company’s report, the Israeli targets included state bodies as well as private organizations from the fields of shipping, high-tech, telecommunications, defense, academia and information technology.
By analyzing the hacking tools used and comparing them to similar attacks in the past, FireEye concluded that Chinese intel services and their Ministry of State Security were behind the attack.
As mentioned above, Sanaz Yashar, who led FireEye’s investigation into Israeli targets, said that one possible factor in the attacks is China’s Belt and Road Initiative, which is meant to create a continuous land and water route around the world for Chinese products.
This initiative “is connected with huge infrastructure projects in which China is involved, including in Israel, like ports or railroads,” she explained.
“Another Chinese interest in Israel is its technology sector,” Yashar said. “There are a lot of Israeli companies that are involved in the very fields at the core of Chinese interests, as reflected in their five-year plans.
“Their goal isn’t necessarily always to steal intellectual property; it’s possible that they’re actually looking for business information,” she added. “In the Chinese view, it’s legitimate to attack a company while negotiating with it, so they will know how to price the deal properly.
“When the Chinese do business, they don’t enter the contract with their eyes shut. They examine the other offers, the board of directors’ emails, correspondence among people, what the intrigues are and who the key people are.”
According to FireEye, the Chinese are most likely interested in know-how in fields such as cybersecurity, renewable energy, agricultural technologies and 5G communications.
“Anyone who does business with China also interests them,” she added.
The hackers mainly took email correspondence and documents, Yashar said.
“This attacker was specifically interested in emails, vacuuming up huge quantities of emails. We see that immediately after entering, they mapped the network and looked for document and email servers.”
This is the first case of an alleged large-scale Chinese cyberattack on Israel, and it took place in 2019-2020. In short, it allegedly exploited loopholes in servers and was aimed at stealing tech and business intelligence. It targeted various Israeli state and private organizations, including defense ones.