- The Washington Times - Thursday, April 6, 2017

The National Foreign Trade Council, a private American lobbying group whose corporate members include Wal-Mart, Ford and Microsoft, among others, was recently targeted by a sophisticated hacking group associated with the Chinese government, security researchers said Thursday.

Hackers compromised the trade group’s website and attempted to deliver malware to individuals who visited specific pages, including those used by NFTC members to register for upcoming trade meetings, Fidelis Cybersecurity said in a new report published Thursday.

Based on its findings, Fidelis said it’s “highly probable” nation-state hackers set their sights on the NFTC and its members to target “key private-sector players involved in lobbying efforts around United States’ foreign trade policy.”

“NFTC members have been key participants in the dialogue around the composition of the new trade policy framework being formulated within the Trump administration,” Fidelis said.

Further research connected the attack to previous attacks conducted against members of the Japanese government, suggesting the likely involvement of a sophisticated hacking group with ties to China known by names including “APT10” and “Stone Panda,” the report added.

The attack unfolded in late February, prior to this week’s highly anticipated summit involving President Trump and his Chinese counterpart, President Xi Jinping, Fidelis said Thursday.

“I think it’s traditional espionage that happens ahead of any summit,” Fidelis researcher John Bambenek told Reuters. “They would like to know what we, the Americans, really care about and use that for leverage.”

Mr. Xi and former President Barack Obama agreed in 2015 that neither country’s government will use cyberattacks to steal trade secrets or other confidential business information from one another for commercial gain. The reported NFTC intrusion was likely not a breach of the Obama-era agreement, Mr. Bambenek told Reuters.

Fidelis said that by compromising the NFTC website, the Stone Panda hackers aimed to infect visitors with “Scanbox,” malware used exclusively in the past by actors affiliated with the Chinese government. Scanbox typically scours infected computers for valuable system information, then sends that data back to hackers for use in future operations, according to Fidelis.

“The information gathered with this reconnaissance can be used in phishing campaigns directed toward targeted individuals. These campaigns can then exploit specific vulnerabilities known to exist within the user’s applications,” its researchers wrote in Thursday’s report.

Organizations with representatives on the NFTC board of directors should be wary of being targeted further, Fidelis added.

Scanbox has previously been deployed against the Uyghurs, an ethnic minority group in the Xinjiang province, China, and has been linked to the same hacking group blamed for waging high-profile cyberattacks against Anthem Healthcare and the U.S. Office of Personnel Management, among others, according to Fidelis.
