Officials Claim China, Not India, Behind E-Mail Hack of U.S. Commission

It appears that hackers in China – not India as previously suspected – were behind the apparent leak of e-mails last week from the U.S.-China Economic and Security Review Commission.

It appears that hackers in China – not India as previously suspected – were behind the apparent leak of e-mails last week from the U.S.-China Economic and Security Review Commission.

It was widely reported last Monday that the Commission, initially created in 2000 to supervise trade and oversee security between the United States and the People’s Republic of China, had been breached by an Indian government program codenamed RINOA SUR. Through the project, intelligence officers allegedly utilized backdoors in products crafted by Research in Motion, Nokia and Apple to gain insight on the Commission’s inner workings.

Reuters, speaking to U.S. officials who prefer to stay anonymous, writes today that the breach emanated from China and didn’t target the Commission but instead, the non-governmental National Foreign Trade Council (NFTC). An analysis of the raw e-mail data showed countless messages to and from William Reinsch, who currently heads the NFTC, but formerly served as the Commission’s chairman.

While he claimed he became aware of the hack in November, Reinsch claimed he wasn’t sure why Indian hackers would be interested in his e-mail correspondence.

It seems less surprising however that a Chinese hacking collective would be interested; given the likelihood the e-mails would include communication regarding the U.S.-China Commission. In fact, Reuters’ sources claim Reinsch’s affiliation to his previous employers made him more of a target for Chinese hackers. The article also implies the NFTC, a non-governmental group, would naturally be a better target for hackers by having less-secure infrastructure than the congressionally-mandated Commission.

For more on this, head to Reuters.

Suggested articles

plugX malware loader TA416

TA416 APT Rebounds With New PlugX Malware Variant

The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.