“ScanBox” Web malware used compromised National Foreign Trade Council website.
Researchers at Fidelis Security have revealed data suggesting Chinese state-funded actors engaged in acts of industrial espionage against a number of major US corporations, including the targeting of employees involved in lobbying the Trump administration on trade policy. The reveal comes just as China’s president, Xi Jinping, begins his visit with President Donald Trump.
Scanbox has been previously detected in a number of espionage campaigns, including one recently targeting a political site focused on China’s Uighur minority. The forensic details of this new campaign led Fidelis researchers to believe it was conducted by Chinese government or government-funded attackers associated with the threat group known by researchers as APT10, or “Stone Panda.”
Similar activity has been tracked by PwC and BAE Systems since late 2016, largely targeting Japanese organizations by attacking their IT-managed service providers to gain access to their networks. Past attacks using the Scanbox framework have been conducted by other Chinese state actor threat groups, including the espionage campaigns against Forbes in 2014 and 2015 and the breach at the health provider Anthem.
NFTC has been heavily involved in lobbying efforts regarding the Trump administration’s trade policy, including an effort urging action on Trump’s appointee for US Trade Representative, Robert Lighthizer. NFTC previously supported the Trans-Pacific Partnership and has been critical of Trump’s travel ban executive orders.