April 6, 2017 by

Chinese Hackers Target Major US Trade Group

Researchers have claimed that a sophisticated state-sponsored Chinese hacking group broke into the website of a private U.S. trade group that counts some of America’s biggest companies as members.

Ahead of a summit between President Donald Trump and Chinese President Xi Jinping, an elite Chinese hacking group has reportedly broken into the website of the National Foreign Trade Council (NFTC), a prominent advocate of international trade policy.

According to Reuters, the hacking group left a malicious link on web pages of the domain where members register for upcoming meetings. The claims were made by researchers at Fidelis Cybersecurity, an industry firm. A Reuters source familiar with the trade group also confirmed the breach of the website.

The Washington-based NFTC was targeted in a campaign that researchers have dubbed Operation Tradesecret. The non-profit, which is notable for its efforts to shape international trade policy, has corporate members including the likes of Amazon, Ford Motor Company, Microsoft, Johnson & Johnson, Wal-Mart and more.

The website was targeted using ‘Scanbox’, a spyware tool that would have recorded the type and versions of software running on compromised computers. This reconnaissance work is followed by targeted attacks exploiting flaws in the previously detected software.

Researchers at Fidelis wrote:

Scanbox was previously reported to have been used by multiple Chinese actor groups that are believed to be state sponsored, including the ones thought to be behind well-publicized intrusions in recent years — namely, the Anthem Healthcare and the U.S. Office of Personnel Management (OPM) breaches.

More specifically, Scanbox has previously only been known to be used by groups associated with the Chinese government, the security firm added. Recently, the malware was spotted on a Uyghur cultural news site, a website for an ethnic minority group, the Uyghurs, who are under close scrutiny by the Chinese government.

Fidelis revealed that the breach was first detected about five weeks ago by an NFTC director who is a client of the security firm. The malicious link was promptly removed and the FBI has been notified of the discovery. As things stand, there is no evidence of any compromise or of NFTC members being affected.

Image credit: Flickr.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.