Date: 2017-04-06 | SAN FRANCISCO, April 6
group that pursues Chinese government interests broke into the
website of a private U.S. trade group ahead of Thursday's summit
between U.S. President Donald Trump and Chinese President Xi
Jinping, according to researchers.
The hackers left a malicious link on web pages where members
of the National Foreign Trade Council (NFTC) register for
upcoming meetings, according to researchers at Fidelis
Cybersecurity and a person familiar with the trade group.
The nonprofit NFTC is a prominent advocate on international
trade policy, with corporate members including Wal-Mart Stores
Inc, Johnson & Johnson, Amazon.com Inc,
Ford Motor Co and Microsoft Corp.
The malicious link deployed a spying tool called Scanbox,
which would have recorded the type and versions of software
running on the computers of those exposed to it, said Fidelis
researcher John Bambenek. Such reconnaissance is typically
followed by new attacks using known flaws in the detected
software, especially older versions.
Scanbox has only been used by groups associated with the
Chinese government, Fidelis said, and was recently seen on a
political site aimed at Uyghurs, an ethnic minority under close
government scrutiny in China.
The breach was detected about five weeks ago by an NFTC
director who is a customer of Fidelis, the security company
said. Both the Federal Bureau of Investigation and the NFTC were
notified and the malicious link removed, and Fidelis said it had
no evidence of NFTC members being infected.
The FBI and the NFTC declined to comment. A spokesman for
the Chinese foreign ministry did not respond to a request for
comment.
Bambenek said he believed the attack was classic espionage
related to international trade talks, rather than a violation of
a 2015 agreement between former U.S. President Barack Obama and
Xi to end spying for commercial motives.
The summit starting on Thursday is the first meeting between
Xi and Trump, who blamed China on the campaign trail for the
loss of many U.S. jobs and vowed to confront the country's
leaders on the matters of trade and currency manipulation.
“I think it’s traditional espionage that happens ahead of
any summit,” said Bambenek. “They would like to know what we,
the Americans, really care about and use that for leverage.”
Other security firms agreed that wholesale theft of U.S.
intellectual property has not returned.
Instead, FireEye Inc and BAE Systems Plc
said that the hacking group identified by Fidelis, called APT10,
has recently attacked government and commercial targets in
Europe.
FireEye researcher John Hultquist said heavy industries in
Nordic countries have been hacked more often as Beijing switches
priorities.
“They are certainly taking those resources and pushing them
to other places where they can still get away with this
behavior,” Hultquist said.
