Cyber Attack on US Trade Group before Trump-Xi Trade Summit


Chinese hackers launched a cyber attack on a US trade group just before Thursday's Trump-Xi trade summit. According to a report published by cyber security firm Fidelis, the Chinese APT10 hacking group is responsible for the hack.

According to the technical details available to Cybersecurity Insiders, APT10 succeeded in implanting a piece of malware on the events page of the US National Foreign Trade Council (NFTC) website in February this year.

The activity was dubbed “Operation Trade Secret” and was launched specifically to conduct surveillance on US-based business players and lobbyists closely associated with US trade policy activities. The hacking group placed a malicious link on the NFTC website and then sent an email link to the organization's board of directors to attend a meeting in Washington DC on March 7th, 2017. As expected, the link was malicious and contained a spying tool called “Scanbox”.

Note 1: Historically speaking, Scanbox-type spying tools were used by China-based state actors in 2014 to spy on the conversations, key logs and email correspondence of some political stalwarts of different nations. Now, the discovery of the latest attack has resurfaced the “Scanbox” threat to the world, said John Bambenek, security researcher at Fidelis.

Note 2: The National Foreign Trade Council acts as an advocate on international trade policy, with corporate members including Walmart Stores, Johnson & Johnson, Amazon, Microsoft and Ford Motors.

According to the report published by Reuters, the malware was active on the NFTC website between Feb 27th and March 1st. Security experts associated with a law enforcement agency later succeeded in removing the malware before the last week of March.

The most interesting fact of this hack saga is that the activity took place before Trump’s meeting with Chinese President Xi Jinping in Florida on Thursday this week.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
