


Chinese Hackers Impersonated US Lawmaker in Email Espionage Campaign (msn.com)
As America's trade talks with China were set to begin last July, a "puzzling" email reached several U.S. government agencies, law firms, and trade groups, reports the Wall Street Journal. It appeared to be from the chair of a U.S. Congressional committee, Representative John Moolenaar, asking recipients to review an alleged draft of upcoming legislation — sent as an attachment. "But why had the chairman sent the message from a nongovernment address...?"
"The cybersecurity firm Mandiant determined the spyware would allow the hackers to burrow deep into the targeted organizations if any of the recipients had opened the purported draft legislation, according to documents reviewed by The Wall Street Journal." It turned out to be the latest in a series of alleged cyber espionage campaigns linked to Beijing, people familiar with the matter said, timed to potentially deploy spyware against organizations giving input on President Trump's trade negotiations. The FBI and the Capitol Police are investigating the Moolenaar emails, and cyber analysts traced the embedded malware to a hacker group known as APT41 — believed to be a contractor for Beijing's Ministry of State Security... The hacking campaign appeared to be aimed at giving Chinese officials an inside look at the recommendations Trump was receiving from outside groups. It couldn't be determined whether the attackers had successfully breached any of the targets.
A Federal Bureau of Investigation spokeswoman declined to provide details but said the bureau was aware of the incident and was "working with our partners to identify and pursue those responsible...." The alleged campaign comes as U.S. law-enforcement officials have been surprised by the prolific and creative nature of China's spying efforts. The FBI revealed last month that a Beijing-linked espionage campaign that hit U.S. telecom companies and swept up Trump's phone calls actually targeted more than 80 countries and reached across the globe...
The Moolenaar impersonation comes as several administration officials have recently faced impostors of their own. The State Department warned diplomats around the world in July that an impostor was using AI to imitate Secretary of State Marco Rubio's voice in messages sent to foreign officials. Federal authorities are also investigating an effort to impersonate White House chief of staff Susie Wiles, the Journal reported in May... The FBI issued a warning that month that "malicious actors have impersonated senior U.S. officials" targeting contacts with AI-generated voice messages and texts.
And in January, the article points out, all the staffers on Moolenaar's committee "received emails falsely claiming to be from the CEO of Chinese crane manufacturer ZPMC, according to people familiar with the episode."
Thanks to long-time Slashdot reader schwit1 for sharing the news.
So ... (Score:5, Insightful)
Re: So ... (Score:2)
...and all it takes is one unsuspecting aide to read her boss's email, for Trump to spread the rumor that foreign agents have stolen his wig[sic]win yet again.
Re:So ... (Score:4, Insightful)
With the way some of these officials communicate, it may not be easy to distinguish between them and a standard phishing email. It wouldn't surprise me if Mr. Moolenaar's "solution" for this is moving all official communication to Facebook.
Adversaries are undoubtedly looking for the weak links in America's opsec, and there's more weakness in the leadership now than ever before.
Re:So ... (Score:4, Insightful)
Well, given that most of the high-level people in government were basically plucked from the on-screen talent of Fox News, I think the phishing campaign might be easier to detect as the emails would appear to be written by someone competent.
After all, Trump wants to invade Portland (OR) because Fox decided to show some 2020 footage of a protest, and Trump thinks that's still happening, half a decade later.
Re: (Score:2)
Except that an hour later, people wanted to reply again. :-)
Mandiant the cybersecurity firm (Score:5, Informative)
Re: (Score:2, Informative)
PWC did audits and consulting for them prior to 2017... Equifax used internal teams for their security... Mandiant was brought in to investigate after the breach...
Putting those facts aside... had tons of clients ignore advice and get breached... we had documentation to cover our asses from liability... but being a vendor/consultant to a client and them being stupid is not a reflection on the quality of our work. Equifax didn't blame any vendors for the breach from my recall... and if they could have, the
Personal E-mail Use Has Become Normalized (Score:5, Insightful)
Re: (Score:2)
Except that using gov email addresses ensures there's a mes
Re: (Score:3)
Reportedly, if Trump reads a memo on paper, he then tears it up and throws it into the trash. This violates the Presidential Records Act of 1973, which requires retaining all communications with the President. I heard an interview with the guy who has the job of taping the torn memos back together. Pro tip: You have to use the right kind of tape.
I hadn't heard this part [politico.com]: "Meet the guys who tape Trump's papers back together .... Lartey, 54, and Young, 48, were career government officials who worked together
Pathetic (Score:2)
This is trivial to fake and the CIA have been at this for a very long time, getting very good at it. There's no chance they can tell who sent them.
Is that a source? (Score:2, Insightful)
people familiar with the matter said,
Does anyone take that crap seriously? If they were credible sources and telling the truth they would have no problem being identified by name.
Re: (Score:3)
If they were credible sources and telling the truth they would have no problem being identified by name.
Says the Anonymous Coward...
Finally a benefit to AI... (Score:3)
AI could provide the push to finally popularize secure, authenticated email, if only because the phishing attempts will become so realistic that there will be no other way to distinguish your grandma from a foreign scammer :/