U.S. trade group hacked with Chinese software ahead of Xi summit
A sophisticated hacking group that pursues Chinese government interests broke into the website of a private U.S. trade group ahead of Thursday's summit between U.S. President Donald Trump and Chinese President Xi Jinping, according to researchers.
The hackers left a malicious link on web pages where members of the National Foreign Trade Council (NFTC) register for upcoming meetings, according to researchers at Fidelis Cybersecurity and a person familiar with the trade group.
The nonprofit NFTC is a prominent advocate on international trade policy, with corporate members including Wal-Mart Stores Inc (WMT.N), Johnson & Johnson (JNJ.N), Amazon.com Inc (AMZN.O), Ford Motor Co (F.N) and Microsoft Corp (MSFT.O).
The malicious link deployed a spying tool called Scanbox, which would have recorded the type and versions of software running on the computers of those exposed to it, said Fidelis researcher John Bambenek. Such reconnaissance is typically followed by new attacks using known flaws in the detected software, especially older versions.
Scanbox has only been used by groups associated with the Chinese government, Fidelis said, and was recently seen on a political site aimed at Uyghurs, an ethnic minority under close government scrutiny in China.
<snip>
http://www.reuters.com/article/us-usa-china-cyber-idUSKBN1781N5