Priya PatelTLDR:
Chinese engineer Song Wu has been charged in the U.S. for conducting a years-long cyber espionage campaign targeting NASA, the military, and private companies. He was indicted on charges of wire fraud and aggravated identity theft for obtaining unauthorized access to computer software and source code. The campaign involved spear-phishing emails sent to employees at NASA, the U.S. Air Force, Navy, and Army, among others.
Detailed Summary:
A Chinese national named Song Wu has been indicted in the U.S. on charges of conducting a “multi-year” spear-phishing campaign targeting NASA, research universities, and private companies to obtain unauthorized access to computer software and source code. Wu, who was employed as an engineer at the Aviation Industry Corporation of China (AVIC), has been charged with wire fraud and aggravated identity theft.
The spear-phishing campaign involved creating email accounts to mimic U.S.-based researchers and engineers, which were then used to obtain specialized software for aerospace engineering and computational fluid dynamics. The emails were sent to employees at NASA, the U.S. military, and major research universities in several states. The campaign ran from January 2017 to December 2021.
Separately, another Chinese national named Jia Wei, a member of the People’s Liberation Army (PLA), was indicted for infiltrating a U.S.-based communications company to steal proprietary information related to civilian and military communication devices. Wei attempted to install malicious software to gain unauthorized access to the company’s network.
In a related development, three individuals in the U.K. pleaded guilty to running a website that enabled cybercriminals to bypass banks’ anti-fraud checks and take control of bank accounts. The service, named OTP.agency, targeted over 12,500 members of the public between September 2019 and March 2021.
