WASHINGTON – A major cybersecurity firm says it believes Beijing-backed hackers carried out cyberattacks on Israel while pretending to be operating from Israel’s archrival, Iran.
U.S. cybersecurity firm FireEye said on August 10 that a study it conducted in cooperation with the Israeli military found that “UNC215,” described by FireEye as a spy group suspected of being from China, had hacked into Israeli government networks after using remote desktop protocols (RDPs) to steal credentials from trusted third parties. RDPs are legitimate remote-access tools that let a user connect to a computer from afar and see the “desktop” of the remote device.
FireEye data, along with information shared by Israel’s defense agency, show that starting in January 2019, UNC215 carried out a number of concurrent attacks “against Israeli government institutions, IT providers, and telecommunications entities,” according to the report.
Mandiant: Chinese hackers masquerading as Iranians
FireEye’s report comes shortly after a July 19 joint statement by the U.S., the European Union and NATO accusing China of “a pattern of malicious cyber activity” aimed at entities ranging from foreign governments to private companies globally.
In 2019 and 2020, when hackers allegedly broke into the computers of the Israeli government and technology companies, investigators looked for clues to find those responsible for the cyberattacks. The initial evidence pointed directly to Iran, Israel’s geopolitical rival….