According to a report published on Tuesday, August 10 by FireEye, a global cybersecurity firm, a coordinated cyber-espionage campaign that most likely originated in China hit dozens of Israeli government and private organizations.
This is the first documented case of a large-scale Chinese attack on Israel, widely regarded as one of the world’s leading cyber powers. Aimed at stealing Israeli political and commercial secrets, the attack was part of a broader campaign that targeted many other countries, including Iran, Saudi Arabia, Ukraine, Uzbekistan, and Thailand.
A quick scan of the attack:
WHAT: Suspected large-scale espionage campaign by Chinese state intelligence against Israel
WHEN: Between January 2019 and December 2020
WHY: Tech theft, political harm, and business intelligence
HOW: By exploiting vulnerabilities in internet-facing servers, then moving through the network to document and email servers
VICTIMS: Dozens of Israeli state and private organizations, including defence bodies; sensitive data such as emails, government records and financial documents was stolen
A blast from the past
By analyzing the hacking tools used and comparing them with those seen in earlier intrusions, FireEye concluded that Chinese state intelligence, specifically the Ministry of State Security, was behind the attack.
FireEye, a California-based cybersecurity and investigation company, had been monitoring the operation for two years. According to its report, the Israeli targets included state bodies and private organizations in shipping, high-tech, telecommunications, defence, academia, and information technology. The group, dubbed UNC215, has targets throughout the Middle East, Europe, Asia, and North America; the report focuses on intrusion activity observed primarily at Israeli entities.
Israeli IT companies were particularly sought-after targets because they sit in the supply chain of many other organizations: a foothold in an IT provider gives the hackers a path into its customers’ networks. The aim was to steal know-how, commercial secrets, and business intelligence.
According to FireEye, one possible factor in the attacks is China’s Belt and Road Initiative (BRI), designed to create a continuous land and water route worldwide for Chinese products. This initiative covers substantial infrastructure projects, like ports and railroads.
Sanaz Yashar, the FireEye employee who led the investigation, says China’s interest in Israel centres on its technology sector: many Israeli companies work in the same fields as Chinese businesses and provide services to Chinese customers.
One of the key objectives of the attack was to obtain pricing information on deals and to steal ideas and intellectual property by accessing email correspondence and documents. Immediately after gaining access to a server, the attackers mapped the network and scanned for document and email servers. They also harvested usernames and passwords, which could be used to re-enter the same targets later or to break into new ones.
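The post-intrusion behaviour described above, mapping the network and probing for document and mail servers right after the initial foothold, leaves a trace in internal connection logs. The following detector is an added example written for this page, not code from FireEye or from the UNC215 report. Its log format, IP addresses and timestamps are constructed for the example, and the set of "reconnaissance ports" is an assumption about what a sweep for file and mail services would touch. It flags any internal source that reaches many distinct peers on those ports within a short window, and the constructed sample also includes a slow, spaced-out sweep that the same rule misses unless the window is widened.

```python
"""Flag internal hosts that sweep many peers on file/mail service ports.

Added detection example (not from the FireEye/Mandiant report). The log
format is constructed for this example: one connection per line,
"<ISO timestamp> <src_ip> <dst_ip> <dst_port>", the shape a firewall or
NetFlow export might be normalised to.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ports a reconnaissance sweep for document and mail servers would touch.
# Assumption for this example: SMB file shares, web portals, SMTP, IMAP.
RECON_PORTS = {25, 80, 139, 143, 443, 445, 993}


def constructed_sample():
    """Build constructed log lines: a fast sweep, a slow sweep, normal traffic."""
    base = datetime(2019, 3, 4, 9, 0, 0)
    lines = []
    # 1. Fast sweep: one host probes 12 peers on SMB and HTTPS within ~25 s.
    for i in range(12):
        t = base + timedelta(seconds=2 * i)
        port = 445 if i % 2 else 443
        lines.append(f"{t.isoformat()} 10.1.20.15 10.1.30.{2 + i} {port}")
    # 2. Slow sweep: 12 peers, but spaced 20 minutes apart.
    for i in range(12):
        t = base + timedelta(minutes=20 * i)
        lines.append(f"{t.isoformat()} 10.1.20.99 10.1.31.{2 + i} 445")
    # 3. Normal traffic: a workstation talking to its two usual servers.
    for i in range(30):
        t = base + timedelta(seconds=7 * i)
        dst, port = ("10.1.30.2", 445) if i % 2 else ("10.1.30.50", 443)
        lines.append(f"{t.isoformat()} 10.1.20.7 {dst} {port}")
    return lines


def parse(lines):
    """Parse log lines into (timestamp, src, dst, port) tuples, time-ordered."""
    records = []
    for line in lines:
        ts, src, dst, port = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return sorted(records)


def find_sweeps(records, window=timedelta(minutes=5), min_hosts=10):
    """Return {src: {"hosts": n, "ports": [...]}} for every source that reached
    at least `min_hosts` distinct destinations on RECON_PORTS inside any
    `window`-long interval. "ports" lists every recon port that source used."""
    by_src = defaultdict(list)
    for ts, src, dst, port in records:
        if port in RECON_PORTS:
            by_src[src].append((ts, dst, port))
    hits = {}
    for src, events in by_src.items():  # events are already time-ordered
        best = 0
        for i, (start, _, _) in enumerate(events):
            seen = set()
            for ts, dst, _ in events[i:]:
                if ts - start > window:
                    break
                seen.add(dst)
            best = max(best, len(seen))
        if best >= min_hosts:
            hits[src] = {"hosts": best,
                         "ports": sorted({p for _, _, p in events})}
    return hits


if __name__ == "__main__":
    records = parse(constructed_sample())
    print("5-minute window:", find_sweeps(records))
    print("5-hour window:  ", find_sweeps(records, window=timedelta(hours=5)))
```

With the default five-minute window only the fast sweep (10.1.20.15, 12 hosts on 443 and 445) is reported; the workstation never exceeds two distinct peers, and the slow sweep from 10.1.20.99 stays at one peer per window. Widening the window to five hours catches the slow sweep as well, which is the usual trade-off when tuning this kind of rule against a patient intruder.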
A brewing inter-state cyber-conflict
The Jewish state has been attacked by Iran and by Palestinian groups on multiple occasions, but never before by China. The hackers tried to disguise their origin: they planted Farsi strings in their tools and used web shells publicly associated with Iranian APT groups, a false-flag technique intended to mislead investigators and complicate attribution. This is why attribution rests on overlaps in tooling and infrastructure with earlier Chinese campaigns rather than on such surface indicators.
On July 19, several countries issued a strong condemnation of China over the mass exploitation of Microsoft Exchange mail servers earlier in the year. That campaign, also attributed to the Ministry of State Security, caused enormous damage worldwide. The statement’s signatories included the United States, Australia, New Zealand, and the European Union’s member states.
Israel has allowed Chinese companies to carry out several major infrastructure projects despite the ongoing American feud with China, including a new port in Haifa and the light rail project in the greater Tel Aviv area. However, Israel did not grant the Chinese firm Hutchison a permit to buy the Israeli mobile operator Partner, and it was reported that Israel may have intervened to thwart the sale of the Phoenix insurance company to the Chinese firm Fosun.
The devastating consequences of cyberwarfare
The strategy used by these Chinese threat actors shows the murkier side of cyber warfare. State-sponsored intrusions are hard to investigate and attribute: the operators are well resourced, run dedicated backend infrastructure, and, as in this case, plant false flags pointing at other states.
While we can hope that the global powers will come together to resolve the inter-state conflicts that lead to such attacks, the only practical defence is prevention: an improved security posture, a robust security infrastructure managed by experts, and up-to-date security training for everyone in the organization.