By JOHN HAYWARD
Cybersecurity company FireEye on Tuesday announced it has detected a massive cyberattack from China targeting companies in Iran, Saudi Arabia, and especially Israel.
The hackers sought to obtain proprietary technology and sensitive business information that would give Chinese state companies a competitive advantage.
FireEye designated the Chinese espionage group “UNC215” and said its techniques are similar to those of APT27, a threat nicknamed “Emissary Panda” that operates from the People’s Republic of China and most recently attempted to steal large sums of money by attacking videogame companies with ransomware.
FireEye speculated the original APT27 group might have disbanded and passed some of its tools along to other groups, but did not have “sufficient evidence” to establish a linkage with high confidence.
UNC215’s campaign in the Middle East and Central Asia began in 2019, taking advantage of a vulnerability in Microsoft’s SharePoint software to crack targeted systems, inject spyware, and harvest electronic credentials that could be employed to access valuable restricted data.
One of UNC215’s capers allegedly involved using stolen credentials from “trusted third parties” to break into an Israeli government network in 2019. The group, FireEye reported, was very careful to cover its tracks, occasionally loading its malware code with bits of foreign language or using hacker tools strongly associated with other countries to conceal its Chinese identity and throw investigators off its trail. In three instances discovered by FireEye, UNC215 made a concerted effort to pretend it was Iranian.
“This cyber espionage activity is happening against the backdrop of China’s multi-billion-dollar investments related to the Belt and Road Initiative (BRI) and its interest in Israeli’s robust technology sector,” FireEye noted.
The Chinese Embassy to Israel dismissed FireEye’s report as “baseless accusations” and “defamation for political purposes.”
The embassy claimed China is a “staunch upholder of cybersecurity” and a “major victim of cyberattacks” itself.
“We hope Israeli friends and media outlets can make a clear distinction between right and wrong and refrain from providing platforms for rumors,” the Chinese embassy said.