Researchers have claimed that a sophisticated state-sponsored Chinese hacking group broke into the website of a private U.S. trade group that sees some of America’s biggest companies as members.
Ahead of a summit between President Donald Trump and Chinese President Xi Jinping, an elite Chinese hacking group has reportedly broken into the website of the National Foreign Trade Council (NFTC), a prominent advocate of international trade policy.
According to Reuters, the hacking group left a malicious link on web pages of the domain where members register for upcoming meetings. The revelatory claims were made by researchers at Fildelis Cybersecurity, an industry firm. A Reuters source familiar with the trade group also confirmed the breach of the website.
Washington-based NFTC was targeted in a campaign dubbed by researchers as Operation Tradesecret. The non-profit, which is notable for its efforts to shape international trade policy has corporate members including the likes of Amazon, Ford Motor Company, Microsoft, Johnson & Johnson, Wal-Mart and more.
The website was targeted using ‘Scanbox’ a spyware tool that would have recorded the type and versions of software running on compromised computers. This reconnaissance work is followed by targeted attacks exploiting flaws in the previously-detected software.
Researchers at Fidelis wrote:
Scanbox was previously reported to have been used by multiple Chinese actor groups that are believed to be state sponsored, including the ones thought to be behind well-publicized intrusions in recent years — namely, the Anthem Healthcare and the U.S. Office of Personnel Management (OPM) breaches.
More specifically, Scanbox has previously only been known to be used by groups associated with the Chinese government, the security firm added. Recently, the malware was spotted on a Uygher cultural news site, a website for an ethnic minatory group, the Uyghers, who are under close scrutiny by the Chinese government.
The breach was first detected about five weeks ago by a NFTC director, Fidelis revealed, who is a client of the security firm. The malicious link was promptly removed and the FBI has been notified of the discovery. AS things stand, there is no evidence of any compromise or NFTC members being affected.
Image credit: Flickr.