A Chinese national, Song Wu, has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign targeting NASA, U.S. research universities, and private companies. This effort was aimed at obtaining unauthorized access to computer software and source code for military and aerospace engineering applications.
Song Wu, 39, faces 14 counts of wire fraud and 14 counts of aggravated identity theft. If convicted, each count of wire fraud could lead to a maximum of 20 years in prison, with an additional two-year consecutive sentence for aggravated identity theft.
Wu worked as an engineer for the Aviation Industry Corporation of China (AVIC), a state-owned aerospace and defense company in Beijing. AVIC has over 100 subsidiaries, 24 listed companies, and more than 400,000 employees. In 2020 and 2021, AVIC and its subsidiaries were placed under U.S. sanctions, preventing American investments.
The spear-phishing campaign began in January 2017 and continued through December 2021. Wu is alleged to have created fake email accounts mimicking U.S.-based researchers and engineers. These fraudulent emails targeted employees at NASA, the U.S. Air Force, Navy, Army, Federal Aviation Administration (FAA), as well as private companies and research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio.
The emails, which appeared to come from colleagues, were used to deceive targets into sharing restricted aerospace software. The stolen software had potential military applications, such as developing advanced tactical missiles and performing aerodynamic design assessments for weapons.
Although the U.S. Department of Justice (DoJ) has not disclosed the names of the software targeted, it emphasized the importance of protecting sensitive information. Keri Farley, Special Agent in Charge of FBI Atlanta, stated, "Once again, the FBI and our partners have demonstrated that cyber criminals around the world who are seeking to steal our companies' most sensitive and valuable information can and will be exposed and held accountable."
Coinciding with this indictment, the DoJ also unsealed another case against Jia Wei, a member of the People's Liberation Army (PLA). Wei is accused of infiltrating a U.S. communications company in 2017 to steal proprietary information related to civilian and military communication devices.
These developments underscore the ongoing cybersecurity challenges faced by government agencies, companies, and institutions in protecting their valuable data from cyber threats.
