China launched massive cyberattack on Israel: report

China attacks companies they negotiate with, according to cybersecurity expert Sanaz Yashar.

Updated: August 10, 2021 - 4:09pm

The Facts Inside Our Reporter’s Notebook

A massive cyberattack against Israel was likely from China, which hit dozens of both governmental institutions and private organizations, according to a report from a security company.

The international cybersecurity company FireEye made the announcement on Monday, after looking into the attack for the past two years, Haaretz reported.

This was the largest cyberattack against Israel from China, and "was part of a broader campaign that targeted many other countries, including Iran, Saudi Arabia, Ukraine, Uzbekistan and Thailand," according to Haaretz.

The state and private entities that were targeted by the attack in 2019-2020 ranged across the fields of defense, information technology, shipping, academia, telecommunications, and high-tech.

FireEye determined that the cyberattack came from Chinese intelligence services and the Ministry of State Security based on comparing the hacking tools that had been used in similar, prior attacks to those used in this one.

Popular targets included IT companies because hackers could reach other companies through them. The information the cyberattack targeted to steal were business intelligence, know-how, and commercial secrets.

Lead FireEye investigator into the attack, Sanaz Yashar, said that China's Belt and Road Initiative might be part of the reason for the cyberattack, as it aims to create a global route for Chinese products, and "is connected with huge infrastructure projects in which China is involved, including in Israel, like ports or railroads."

"Another Chinese interest in Israel is its technology sector," Yashar added. "There are a lot of Israeli companies that are involved in the very fields at the core of Chinese interests, as reflected in their five-year plans.​

"Their goal isn't necessarily always to steal intellectual property; it's possible that they're actually looking for business information," she continued. "In the Chinese view, it's legitimate to attack a company while negotiating with it, so they will know how to price the deal properly.

"When the Chinese do business, they don't enter the contract with their eyes shut. They examine the other offers, the board of directors' emails, correspondence among people, what the intrigues are and who the key people are."

As to what information the cyberattack was focused on targeting, Yashar said, "This attacker was specifically interested in emails, vacuuming up huge quantities of emails. We see that immediately after entering, they mapped the network and looked for document and email servers."

Usernames and passwords were also snatched, which might be used for reentering the targets again or using them to attack other targets, according to Haaretz.

FireEye, a $4 billion publicly traded company, worked with the Israeli Prime Minister's Office and government cybersecurity experts in the investigation.

Israel has been targeted in cyberattacks over the years from Iran, Palestinians, and Islamist groups. However, because of how massive this Chinese cyberattack on Israel was, the country might have to respond to it, Haaretz reported.

China was condemned by the U.S., EU, Australia, and New Zealand on July 19 for a massive cyberattack on the Microsoft Exchange mail server, which sustained significant damage around the world.

Just the News Spotlight