China is conducting the espionage as the communist country spends billions of dollars on its Belt and Road Initiative (BRI), a global infrastructure development strategy, and invests in projects in Israel and the Middle East that will further BRI, according to a report from Mandiant, part of cybersecurity firm FireEye.
Keeping tabs on projects is at the root of the espionage.
China has conducted “intrusion campaigns” along the BRI route to “monitor potential obstructions,” the report said.
Mandiant, working with the Israeli defense agencies, also found “multiple, concurrent operations against Israeli government institutions, IT providers and telecommunications entities beginning in January 2019.”
The report attributes the activity to a group called UNC215.
There were several incidents where operators conducted “credential harvesting and extensive internal network reconnaissance,” Mandiant said. Credential harvesting typically refers to stealing sensitive account information such as usernames and passwords.
UNC215 was careful to clean up evidence after gaining access to a system. “This type of action can make it more difficult for incident responders to reconstruct what happened during a compromise,” according to Mandiant.
China and the Middle East
China has considerable leverage in the region, the Washington, D.C.-based Middle East Institute says on its website.
“China has earned much of its leverage in the region, especially on the African side of the Red Sea/Gulf of Aden, by becoming the leading financier and builder of infrastructure projects such as dams, roads, railways, and IT networks,” the Institute says.
That investment includes a 7,500-mile-long undersea “Peace” cable from Pakistan to France that runs the length of the Red Sea, the Middle East Institute says. Hengtong, a Chinese company, is constructing the cable.
The Mandiant report comes after announcements from governments in North America, Europe, and Asia citing concerns about China’s malicious cyber activities.
An announcement from the White House on July 19 said, “the United States and our allies and partners are exposing further details of the PRC’s pattern of malicious cyber activity and taking further action to counter it, as it poses a major threat to U.S. and allies’ economic and national security.”