Intel Name: Going Underground: China-aligned TA415 Conducts U.S.-China Economic Relations Targeting Using VS Code Remote Tunnels
Date of Scan: September 17, 2025
Impact: High
Summary: Between July and August 2025, TA415 conducted spearphishing campaigns targeting U.S. government, think tanks, and academic institutions using U.S.-China economic-themed lures. The group impersonated prominent entities like the Select Committee on Strategic Competition and the US-China Business Council to target individuals focused on U.S.-China relations. The phishing campaigns deployed a Visual Studio Code Remote Tunnel to establish persistent access without traditional malware. TA415 leveraged legitimate services such as Google Sheets, Google Calendar, and VS Code tunnels for command and control to evade detection. This activity, tied to APT41 and other aliases, likely aims to collect intelligence on U.S.-China economic policy amid ongoing geopolitical tensions.