Connect with us

Hi, what are you looking for?



China-Linked Hackers Target U.S. Trade Group

A threat actor linked to China hijacked the website of a prominent U.S. trade association in an effort to deliver reconnaissance malware to individuals who accessed certain web pages.

A threat actor linked to China hijacked the website of a prominent U.S. trade association in an effort to deliver reconnaissance malware to individuals who accessed certain web pages.

Fidelis Cybersecurity published a report detailing the campaign on Thursday, just hours before a meeting between U.S. President Donald Trump and his Chinese counterpart, Xi Jinping.

The company noticed in late February that the website of the National Foreign Trade Council (NFTC) had been hacked and set up to serve malware in what is known as a watering hole attack, or a strategic web compromise. Experts believe the attack ended by March 2, when links injected into the NFTC website had been removed.

Evidence uncovered by investigators led them to believe that the attack was conducted by a China-linked cyber espionage group known as APT10, MenuPass and Stone Panda. Fidelis has dubbed the campaign Operation TradeSecret.

According to researchers, the hackers set up certain web pages of the NFTC website to serve a reconnaissance framework known as Scanbox. The tool has been used for several years, including in attacks aimed at U.S. organizations and the Uyghur population in China.

Scanbox has various plugins that allow attackers to collect information about the infected system and the software installed on it, and log keystrokes from the web browser. The harvested data can then be used to launch further attacks against the targeted individuals.

In the case of the NFTC, whose board of directors includes some of the largest private sector companies in the United States, APT10 targeted only specific web pages. One of them was a registration page for a board of directors meeting, which suggests that people or organizations expected to attend the meeting had been targeted.

Advertisement. Scroll to continue reading.

“All organizations that have representatives on the board of directors of the NFTC — or those who would have a reason to visit the site — should investigate potentially impacted hosts using indicators provided in this report,” warned Fidelis. “Since the reconnaissance tool is typically used to enable future targeting campaigns, it should be assumed that targeted individuals will be subject to further attacks — such as spearphishing campaigns.”

The security firm said it notified the lobbying group of the breach. SecurityWeek has reached out to NFTC for comment and will update this article if the organization responds.

Fidelis also reported seeing a similar campaign involving a fake website of Japan’s Ministry of Foreign Affairs. The APT10 attacks targeting Japan were also detailed in a report published this week by PwC UK and BAE Systems.

The research conducted by the two companies focused on attacks launched by APT10 against managed service providers (MSPs) in at least fourteen countries.

Related: China-Linked Group Uses New Malware in Japan Attacks

Related: Chinese Spying Drops in Volume, Becomes More Focused

Related: U.S. Firms Targeted by China Even After Cyber Deal

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...