Infosec experts fear China could retaliate against tariffs with a Typhoon attack
World War Fee As the trade war between America and China escalates, some infosec and policy experts fear Beijing will strike back in cyberspace.
Shortly after the US tariff on imported Chinese goods increased to 104 percent on Wednesday, China boosted its duty on American imports to 84 percent.
“China urges the US to immediately correct its wrong practices, cancel all unilateral tariff measures against China, and properly resolve differences with China through equal dialogue on the basis of mutual respect,” the Office of the Tariff Commission of the State Council said in a statement.
US President Trump, citing a “lack of respect” from Beijing, hiked the China tariff yet again, this time increasing it to 125 percent.
The administration later “paused” retaliatory levies on many other countries, though it kept the 125 percent tariff on China.
“When you punch at the United States of America, President Trump is going to punch back further,” White House press secretary Karoline Leavitt told reporters.
While this back and forth is poised to destroy trade between the two nations — and skyrocket consumer prices or cut off supplies entirely — there is a growing concern President Xi Jinping might call in his army of cyber-spies to support the People’s Republic.
“China will retaliate with systemic cyber attacks as tensions simmer over,” cybersecurity advisor Tom Kellermann told The Register. “The typhoon campaigns have given them a robust foothold within critical infrastructure that will be used to launch destructive attacks. Trade wars were a historical instrument of soft power. Cyber is and will be the modern instrument of choice.”
Trade wars were a historical instrument of soft power. Cyber is and will be the modern instrument of choice
The “typhoon campaigns” refer to a series of Chinese government-backed digital intrusions that came to light last year. These include Salt Typhoon, an espionage team that broke into at least nine US telecommunications companies and government networks, and Volt Typhoon, which has been burrowing into America’s critical infrastructure since at least 2023 and readying destructive cyberattacks against those targets.
“To the extent that China is holding back on conducting certain types of cyberattacks, it may feel less restrained now,” said Annie Fixler, director of the Center on Cyber and Technology Innovation at that Foundation for Defense of Democracies.
“The intelligence community has assessed that China has conducted operational preparation of the battlefield to disrupt US critical infrastructure and cause societal panic, impede US government decision making, and degrade our ability to mobilize forces,” Fixler told The Register.
“China is unlikely to activate these capabilities right now as Beijing is holding them in reserve for a Taiwan crisis. But China has in essence pre-set bombs across U.S. critical infrastructure, so what more could they want?”
While it remains to be seen what, if anything, Beijing-backed goons plan to do in cyberspace to push back against Trump’s tariffs — in addition to spying, of course, which never really goes away — financially motivated cybercriminals have already found ways to exploit people’s confusion around the constantly in-flux trade rules.
Digital fraudsters cash in
“We definitely have seen this ramping up in the last few weeks,” Luigi Lenguito, CEO of BforeAI, told The Register.
His company uses artificial intelligence to predict whether a web domain will be malicious before it is used to launch an attack, and in the first three months of 2025 tracked 301 tariff-related malicious domain registrations.
“This was not unexpected,” Lenguito said, noting that Trump has been talking about tariffs even before he was elected. Cybercriminals were paying attention, and “they were preparing this infrastructure weeks ago.”
Tariff-related fraud tends to fall into three buckets, he noted. The first is a new spin on the DHL phishing scam, where the recipient receives an email or text message claiming to be from DHL or another shipping company like FedEx or UPS. The message says the individual has a package waiting for pickup. “But to release it, you have to pay the tariff,” Lenguito explained.
The scam then directs the recipient to a phony website and prompts them to enter their personal and payment information, which is then recorded by the crooks to use for fraud.
“This has always existed, especially abroad, but we’ve seen an extreme peak here in the US,” Lenguito said. “Normally you would have maybe a few hundred of these every week. Now you’re looking at tens of thousands.”
Criminals are also capitalizing on invoice fraud, and using this type of scam to target small- and mid-sized businesses. The firms receive a customised invoice purporting to come from a supplier they use with references to new import fees that changed as the goods were being shipped.
“The novelty here is that historically, you would see this type of fraud using standardized content, so maybe the same fake PDF of an invoice sent to multiple potential victims,” Lenguito said. “But in this case, each potential victim is receiving a dedicated, customized PDF, and that tells us that the criminal is probably using generative AI tooling.”
The third category of scam, “and the most frightening,” combines digital fraud and in-person social engineering, according to Lenguito.
“Let’s say that you received a package from FedEx yesterday,” he explained. “Today someone shows up at your home saying, ‘Yesterday, we delivered this package. We forgot to ask you to pay the tariff, here’s the receipt, I need you to pay me.'”
BforeAI suspects the criminals behind this attempt are using info-stealing malware or some type of spyware running on a victim’s computer to alert the crooks that a package has been delivered to the recipient’s address. Or, frankly, any other way to quietly monitor their web activities for evidence of package deliveries.
“Unfortunately, these are very, very credible and very, very well done,” Lenguito said. “So it’s very easy to fall prey to these scams.” ®
READ MORE HERE