{"id":7258,"date":"2017-04-06T10:30:31","date_gmt":"2017-04-06T18:30:31","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/04\/06\/news-1049\/"},"modified":"2017-04-06T10:30:31","modified_gmt":"2017-04-06T18:30:31","slug":"news-1049","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/04\/06\/news-1049\/","title":{"rendered":"U.S. trade lobbying group attacked by suspected Chinese hackers"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2016\/09\/matrix-100680471-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Grant Gross| Date: Thu, 06 Apr 2017 11:02:00 -0700<\/strong><\/p>\n<p>A group of what appears to be Chinese hackers infiltrated a U.S. trade-focused lobbying group as the two countries wrestle with how they treat imports of each other&#8217;s goods and services.<\/p>\n<p>The\u00a0APT10 Chinese hacking group appears to be behind a &#8220;strategic web compromise&#8221; in late February and early March at the\u00a0National Foreign Trade Council, <a href=\"https:\/\/www.fidelissecurity.com\/TradeSecret\" target=\"_blank\">according to<\/a> security vendor\u00a0Fidelis Cybersecurity.<\/p>\n<p>The NFTC lobbies for open and fair trade and has <a href=\"http:\/\/www.nftc.org\/default\/general%20information\/2017goalsandpriorities.pdf\" target=\"_blank\">pledged to work<\/a> with U.S. President Donald Trump to &#8220;find ways to address Chinese policies that frustrate access to their market and undermine fair trade, while at the same time encouraging a positive trend in our trade relationship.&#8221;\u00a0Trump will meet with China President Xi\u00a0<span class=\"scayt-misspell-word\" data-scayt-lang=\"en_US\" data-scayt-word=\"Jinping\">Jinping<\/span>\u00a0in Florida this week.<\/p>\n<p>The lobbying group discovered the attack almost immediately and took steps to remove the malware and protect website visitors, a source close to the group said.<\/p>\n<p>It is &#8220;highly probable&#8221; that the web attack\u00a0targeted key private-sector organizations focused on U.S. trade policy,\u00a0Fidelis Cybersecurity said in a blog post. The company&#8217;s research has found a\u00a0similar operation targeting government officials in Japan, it said.<\/p>\n<p>&#8220;The connections we can draw from the Japanese campaign lead us to estimate that it is highly probable that the actors involved are known as APT10,&#8221; a well-known Chinese hacking group.<\/p>\n<p>The attack on the lobbying group, dubbed\u00a0Operation TradeSecret by Fidelis, targeted visitors to some of the organization&#8217;s\u00a0web pages, including one used to register for meetings. The attacks served reconnaissance malware known as Scanbox, Fidelis said.<\/p>\n<p>Scanbox is typically used by hackers associated with or sponsored by the Chinese government, the company said. It gives hackers multiple capabilities, including JavaScript keyloggers installed on target PCs. The information gathered with this reconnaissance can be used in phishing campaigns directed toward targeted individuals. These campaigns can then exploit specific vulnerabilities known to exist within the user&#8217;s applications.<\/p>\n<p>The information gathered can then be used in phishing campaigns targeting specific computer users, Fidelis said.<\/p>\n<p>&#8220;The benefit of such a watering-hole attack is that it enables the adversary to target key individuals as they go about their business,&#8221; said Hardik Modi, vice president for threat research at\u00a0Fidelis. &#8220;Big business plays a key role in the formulation of trade policy in the U.S., and our expectation is that this campaign was about gathering intelligence in advance of the negotiations that accompany the [U.S.-China] summit.&#8221;<\/p>\n<p>Lobbying groups are particularly attractive targets, Modi added by email. They are &#8220;in a difficult position because they often have a\u00a0sensitive membership and can be an easy conduit for the adversary to target the specific interest group they&#8217;re interested in,&#8221; he said. &#8220;This has been part of cyber tradecraft for a long time now.&#8221;<\/p>\n<p>This type of espionage is &#8220;an age-old tradition for governments,&#8221; he added.<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3188231\/security\/us-trade-lobbying-group-attacked-by-suspected-chinese-hackers.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2016\/09\/matrix-100680471-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Grant Gross| Date: Thu, 06 Apr 2017 11:02:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>A group of what appears to be Chinese hackers infiltrated a U.S. trade-focused lobbying group as the two countries wrestle with how they treat imports of each other&#8217;s goods and services.<\/p>\n<p>The\u00a0APT10 Chinese hacking group appears to be behind a &#8220;strategic web compromise&#8221; in late February and early March at the\u00a0National Foreign Trade Council, <a href=\"https:\/\/www.fidelissecurity.com\/TradeSecret\" target=\"_blank\">according to<\/a> security vendor\u00a0Fidelis Cybersecurity.<\/p>\n<p>The NFTC lobbies for open and fair trade and has <a href=\"http:\/\/www.nftc.org\/default\/general%20information\/2017goalsandpriorities.pdf\" target=\"_blank\">pledged to work<\/a> with U.S. President Donald Trump to &#8220;find ways to address Chinese policies that frustrate access to their market and undermine fair trade, while at the same time encouraging a positive trend in our trade relationship.&#8221;\u00a0Trump will meet with China President Xi\u00a0<span class=\"scayt-misspell-word\" data-scayt-lang=\"en_US\" data-scayt-word=\"Jinping\">Jinping<\/span>\u00a0in Florida this week.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3188231\/security\/us-trade-lobbying-group-attacked-by-suspected-chinese-hackers.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714],"class_list":["post-7258","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7258","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7258"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7258\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7258"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7258"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}