Organizations and individuals involved in U.S.-China trade economic policy and trade relations have been targeted by Chinese state-backed threat group TA415, also known as APT41 and Brass Typhoon, in a cyberespionage campaign between July and August that sought to exploit ongoing trade talks between both countries, reports The Hacker News.TA415 exploited the Cloudflare WARP VPN service to covertly distribute spear-phishing emails purporting to be from the U.S.-China Business Council that included links to password-protected archives containing an LNK file, according to a Proofpoint analysis.Opening the LNK file results in the execution of a batch script that runs the WhirlCoil Python loader while displaying a decoy PDF document, with the loader enabling Visual Studio Code remote tunnel creation for persistence and data compromise, said researchers, who noted the recent campaign to be similar to a September 2024 attack against manufacturing, aerospace, chemical, and insurance entities.Such findings come after highly targeted cyberespionage intrusions against the U.S. were noted to be underway by the House Select Committee on China.
Threat Intelligence, Critical Infrastructure Security
US-China economic relations subjected to Chinese cyberespionage

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



