Researchers at Fidelis Security have revealed data suggesting Chinese state-funded actors engaged in acts of industrial espionage against a number of major US corporations, including the targeting of employees involved in lobbying the Trump administration on trade policy. The reveal comes just as China’s president, Xi Jinping, begins his visit with President Donald Trump.
Fidelis’ post shares details of a malware campaign that caused a number of websites—including that of the National Foreign Trade Council—to deliver a JavaScript-based reconnaissance tool called “Scanbox” to site visitors. A similar effort, this one coming from a fake site pretending to belong to the Japanese Foreign Ministry, was also detected.
Scanbox has been previously detected in a number of espionage campaigns, including one recently targeting a political site focused on China’s Uighur minority. The forensic details of this new campaign led Fidelis researchers to believe it was conducted by Chinese government or government-funded attackers associated with the threat group known by researchers as APT10, or “Stone Panda.”