Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts
Briefly

"In this activity, the group masqueraded as the current Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party (CCP), as well as the U.S.-China Business Council, to target a range of individuals and organizations predominantly focused on U.S.-China relations, trade, and economic policy," Proofpoint said in an analysis.
"The campaign, per Proofpoint, mainly focused on individuals who specialized in international trade, economic policy, and U.S.-China relations, sending them emails spoofing the U.S.-China Business Council that invited them to a supposed closed-door briefing on U.S.-Taiwan and U.S.-China affairs. The messages were sent using the email address 'uschina@zohomail[.]com,' while also relying on the Cloudflare WARP VPN service to obfuscate the source of the activity."
Activity attributed to China-aligned TA415 targeted U.S. government officials, think tank researchers, and academic specialists in international trade, economic policy, and U.S.-China relations during July–August 2025. The group masqueraded as the Chair of the Select Committee on Strategic Competition and as the U.S.-China Business Council to invite victims to a purported closed-door briefing on U.S.-Taiwan and U.S.-China affairs. Attack messages originated from uschina@zohomail[.]com, used Cloudflare WARP to obfuscate sources, and linked to password-protected archives on Zoho WorkDrive, Dropbox, and OpenDrive containing Windows LNK shortcuts designed to execute malware. Activity shows overlaps with APT41/Brass Typhoon.
Read at The Hacker News