Reports have emerged that the Chinese espionage group tracked as UNC215 leveraged remote desktop protocols to access an Israeli government network. This was made possible by using stolen credentials from trusted third parties. New research from Mandiant revealed that data gathered from telemetry efforts and information shared by Israeli entities led security researchers to determine that China conducted multiple concurrent operations against Israeli government institutions, IT providers, and telecommunications entities. The campaign reportedly began in January 2019. The findings of Mandiant’s investigation have been posted by FireEye in a blog detailing the group’s operational tactics, techniques, and procedures.
UNC215 has previously targeted private companies, governments, and various organizations across North America, Europe, Asia, and the Middle East. Mandiant released its research after governments in North America, Europe, and Asia, together with organizations such as the EU and NATO, issued a joint announcement condemning the widespread cyber-espionage conducted by the Chinese government and its affiliates. The group has recently been exploiting the Microsoft SharePoint vulnerability to install web shells and payloads.
Read More: Chinese Espionage Group UNC215 Targeted Israeli Government Networks