China-linked espionage campaign targets major trade group

Malware used by known espionage groups was implanted on the events page of an influential trade advocacy group in late February and early March, according to researchers who discovered the attacks.

The cybersecurity firm Fidelis found malware known as Scanbox on the "Events" page of the National Foreign Trade Council, where it was downloaded onto visitors' computers for a brief period earlier this year leading up to the Council's board of directors meeting on March 7.

Scanbox, software that searches computers for vulnerabilities to use in attacks, is used by espionage groups previously traced to China. It was used at one point in attacks against China's minority Uighur population, a frequent target of Chinese government pressure. Additionally, one of the groups known to use Scanbox is thought to have perpetrated the attack on OPM.


The program identifies useful information for attacks, such as what web browser a user utilizes and which versions of vulnerable software including Java, Flash and Acrobat the user has installed.

The NFTC's staff and board represent a number of influential people and companies. President Rufus Yerxa, for example, was the U.S. ambassador to GATT, the WTO's predecessor. Amazon, Ford, Halliburton, Wal-Mart and other major companies are on the NFTC's board.

Fidelis products, like many security products, scan for Scanbox. Fidelis became aware of the attack through client reports. 

The Scanbox malware was active on the NFTC website between Feb. 27 and March 2. The malware was removed from the site by the time Fidelis contacted NFTC.