In First Massive Cyberattack, China Targets Israel

Attack, revealed by FireEye, also targeted Israeli defense bodies and was part of a broader campaign by Chinese intel. It is the first documented case of a large-scale Chinese attack on Israel

Amitai Ziv
A worker at a computer network security fair waits for visitors near a screen depicting a computer alert system in Beijing on Friday, April 30, 2021. Credit: Ng Han Guan

A coordinated cyberattack, which most likely originated in China, hit dozens of Israeli government and private organizations, according to an announcement Monday by the international cybersecurity company FireEye.

This is the first documented case of a large-scale Chinese attack on Israel. It was part of a broader campaign that targeted many other countries, including Iran, Saudi Arabia, Ukraine, Uzbekistan and Thailand. FireEye has been monitoring the operation for two years.

According to the company’s report, the Israeli targets included state bodies as well as private organizations from the fields of shipping, high-tech, telecommunications, defense, academia and information technology.

By analyzing the hacking tools used and comparing them to similar attacks in the past, FireEye concluded that Chinese intel services and their Ministry of State Security were behind the attack.

IT companies were particularly sought-after targets because they are what is known as a supply chain threat – meaning that through them, the hackers can reach many other companies. The attacks were aimed at stealing know-how, commercial secrets and business intelligence.

Sanaz Yashar, who led FireEye’s investigation into Israeli targets, said that one possible factor in the attacks is China’s Belt and Road Initiative, which is meant to create a continuous land and water route around the world for Chinese products. This initiative “is connected with huge infrastructure projects in which China is involved, including in Israel, like ports or railroads,” she explained.

“Another Chinese interest in Israel is its technology sector,” Yashar said. “There are a lot of Israeli companies that are involved in the very fields at the core of Chinese interests, as reflected in their five-year plans.

“Their goal isn’t necessarily always to steal intellectual property; it’s possible that they’re actually looking for business information,” she added. “In the Chinese view, it’s legitimate to attack a company while negotiating with it, so they will know how to price the deal properly.

“When the Chinese do business, they don’t enter the contract with their eyes shut. They examine the other offers, the board of directors’ emails, correspondence among people, what the intrigues are and who the key people are.”

Yashar said the Chinese are most likely interested in know-how in fields such as cybersecurity, renewable energy, agricultural technologies and 5G communications. “Anyone who does business with China also interests them,” she added.

The hackers mainly took email correspondence and documents, Yashar said. “This attacker was specifically interested in emails, vacuuming up huge quantities of emails. We see that immediately after entering, they mapped the network and looked for document and email servers.”

They also seized usernames and passwords – possibly to be able to reenter the same targets later on, or possibly to enable them to enter different targets.

FireEye is a publicly traded company with a market capitalization of $4 billion. It is considered an important player in the world of intelligence and international investigations.

The Prime Minister’s Office was also involved in the investigation, through coordination between FireEye and governmental cybersecurity experts.

For years, Israel has been targeted by all kinds of cyber campaigns. Pride of place goes to its cyberwar with Iran, which has already hit dozens of Israeli organizations. Palestinians have also attacked Israel in cyberspace, as have various Islamist groups.

But there has never before been a Chinese campaign of this scope against Israel. Consequently, Israel may be compelled to respond to it.

On July 19, several countries issued an unusually harsh condemnation of China over its massive attack on the Microsoft Exchange mail server. This attack, which was also attributed to the Ministry of State Security, caused enormous damage worldwide. The statement’s signatories included the United States, Australia, New Zealand and the European Union’s member states.

Despite the ongoing American feud with China, Israel has allowed Chinese companies to carry out several major infrastructure projects here, including building a new port in Haifa and the light rail project in the greater Tel Aviv area. However, Israel didn’t grant the Chinese firm Hutchison a permit to buy the mobile operator Partner. And it may have intervened behind the scenes to thwart the sale of the Phoenix insurance company to another Chinese firm, Fosun.
