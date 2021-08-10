A massive Chinese cyber attack on Israel has been exposed. Chinese intelligence agents have managed to extract large amounts of information from Israeli government, industry and academic systems since 2019. Security officials warn that the attack is continuing these days and that organizations in the economy must protect themselves. The hackers posed as Iranians and used Persian words in the code of the attack tool. What interests them? Autonomous driving technology, high-speed communications and a lot of...

Cyber-spying agents, apparently Chinese, are now carrying out a widespread attack on government ministries, university research centers and Israeli media and high-tech companies, according to Israeli security officials. This is a continuation of the prolonged attack of 2019-2020 that was reported tonight in The Marker. However, the defense establishment believes that there was no intrusion into information related to Israel's security.

The company that published the report is the Israeli branch of the large American cyber company FireEye. , Including tenders attended by Chinese companies, as well as a lot of technological information on research and development, patents and research in academia, including communication technologies, autonomous driving and renewable energy.

Israeli security bodies are also constantly involved in the investigation, and it was there that the decision was made to reveal what was happening to the public. The main problem that bothers the security bodies is that it is difficult to estimate the extent of the damage: it turns out that Chinese cyber operatives manage to steal the information and disappear without a trace, so it is not possible to know exactly what information is in the hands of the communist state. The whole affair has been kept secret to this day, but now the defense establishment has decided to publish some of the details in order to increase awareness and defense among organizations in the economy.

Ram Levy, CEO of the Cyber Defense Company and who was the center of the cyber committee in the Prime Minister's Office, says: "This is not surprising. What is surprising is that they discovered it at all. Spying on Chinese elements is happening in Israel all the time, but a state espionage campaign should not be discovered."

Aviad Hennis, VP of technology at Cynet, says: "We were able to infiltrate using a webshell, a Trojan horse that allows remote commands to be run, and we recognized that it was linked to the Chinese Phenium group."

According to Suns Yashar, the Chinese attackers disguised their activities, among other things, by impersonating the Iranians, and even used Persian words in the code of the attack tool. In doing so, they misled the researchers and led to the spread of an assessment that Iranian elements were trying to influence the Israeli election campaign (in the first round in 2019). "We were sure it was an Iranian group and only after two years of research do we realize it was the tip of the iceberg of a broad Chinese campaign," Yashar says. She said a similar tactic was used by the Chinese in attacking Saudi Arabia. In Turkey, however, they impersonated Indian attackers.

The defense establishment says that the extensive Chinese attack indicates the high level of Chinese offensive cyber, which produces sophisticated cyber attacks that are very, very difficult to detect, and from the trio in large and well-protected companies. That the Chinese spy in Israel has been known for some time, but uncovering this attack made it possible to better understand what interests the Chinese: research at the forefront of technology, innovation in every field, and civilian research fields such as climate. It is estimated that the attacks will continue, and the way to try to deal with them is by raising the awareness of companies in the economy and of the public.

According to intelligence sources, the source of the Chinese attacks in the world is in three government agencies: one is the military agency, which is equivalent to Unit 8200 in the IDF, the second is the cyber unit of the Chinese GSS, and the third is the cyber unit of the Chinese institution (MSS). The current espionage on Israel.
This body also operates the cyber attack group, which according to a report from Cyberizen has infiltrated communications and cellular companies to track the details of subscribers and their contacts.

Yashar says that the campaign being conducted these days uses high-capacity cyber-attack tools, which manage, among other things, to enter the volatile memory of servers and retrieve information that is not accessible through the operating system. The ability to locate attack tools in volatile memory is almost non-existent and most cyber defense tools will not notice an attack. Apparently this is an attack targeted at academic bodies. However, she said there is no complete certainty that these are Chinese elements again and it is possible that these are Iranian elements.

Yashar warns that the ability of Chinese cyber actors to succeed in carrying out far-reaching attacks is now increasing, with the approval of a new law requiring any Chinese company that detects a vulnerability in any system to provide the details of the weakness to the government before reporting it to the responsible company. The result, she said, is that the Chinese government can carry out "zero day" attacks with vulnerabilities that are not known to other intelligence services.

Chinese cyber spies 'posed as Iranians while targeting Israeli government'

According to threat intelligence researchers, the hackers' attempt to conceal their origin was more likely an effort to slow down response efforts than actually frame Iran.

Alexander J Martin, technology reporter

Tuesday 10 August 2021 15:42, UK
A cyber espionage group from China masqueraded as Iranian hackers while breaking into and spying on Israeli government institutions, according to a new report by security researchers.

The report from security company FireEye, which unmasked the group alongside Israeli defence agencies, says there is insufficient evidence to link the espionage group to the Chinese state.

However, the company's threat analysts are confident that the espionage group is Chinese and that its targets "are of great interest to Beijing's financial, diplomatic, and strategic objectives".

The hackers' attempt to conceal their nationality was "a little bit unusual", according to Jens Monrad, who heads the work of FireEye's threat intelligence division Mandiant in EMEA.

"We have seen historically a few false flag attempts.
We saw one during the Olympics in South Korea," he told Sky News, referencing Russian hackers pretending to be Chinese and North Korean.

"There might be several reasons why a threat actor wants to do a false flag - obviously it makes the analysis a bit more complex," Mr Monrad told Sky News.

The report focused on cyber spying targeting Israeli government institutions, IT providers, and telecommunications entities, but the group had additionally attempted to hack computer networks in the UAE and elsewhere.

Mr Monrad said the attempt to conceal the hackers' identity "wasn't very clever" but did slow the company's analysis of these incidents, which he added may have been the goal.

The Chinese group attempted to use Farsi in the parts of code which could be recovered by incident response teams, and also used hacking tools associated with Iranian groups that had previously been leaked online.

However, linguistic analysts at FireEye said the terms chosen by the group wouldn't have been used by native Farsi speakers.

"The use of Farsi strings, filepaths containing /Iran/, and web shells publicly associated with Iranian APT [Advanced Persistent Threat] groups may have been intended to mislead analysts and suggest an attribution to Iran," the report said.

FireEye said that although this group and the known state-sponsored group designated APT 27 had some overlaps, particularly in their targets, the company could only have low confidence in linking them together.

The Iranian
government accused APT 27 of hacking into its networks in 2019.

Though the report was published this week, the hacking activities precede a warning in July from President Joe Biden about the growing likelihood of the US ending up in "a real shooting war with a major power" as a result of a cyber attack.

Speaking to Sky News previously - following then British defence secretary Gavin Williamson claiming that Moscow could cause "thousands and thousands and thousands" of deaths in the UK with a cyber attack - Mr Monrad cautioned that military responses to such an attack would require a "very high certainty of attribution".

The new group, designated UNC 215 - meaning it is unclassified as either a state-sponsored group or one operating independently - also used the Hindi language and Arabic when targeting Uzbekistan.

FireEye's report stated: "This cyber espionage activity is happening against the backdrop of China's multi-billion-dollar investments related to the Belt and Road Initiative (BRI) and its interest in Israel's robust technology sector."

"China has conducted numerous intrusion campaigns along the BRI route to monitor potential obstructions [including] political, economic, and security," the company said, adding that it anticipates China will "continue targeting governments and organisations involved in these critical infrastructure projects".

The report follows the UK and allies accusing China of "systematic cyber sabotage" following an espionage operation earlier this year which also allowed criminals, potentially including those which Beijing used as contractors, to access the affected servers.

At the time, Chinese foreign ministry spokesman Zhao Lijian said: "The US ganged up with its allies and launched an unwarranted accusation against China on cybersecurity. It is purely a smear and suppression out of political motives.
China will never accept this."