Summary: A Chinese national, Wu Song, has been indicted for a phishing campaign targeting U.S. academics and engineers to steal software developed for NASA, which could have military applications. The indictment highlights ongoing concerns about cyber espionage linked to state-sponsored actors in China.
Threat Actor: Wu Song | Wu Song
Victim: NASA | NASA
Key Point :
- Wu Song, employed by the Aviation Industry Corporation of China, faces 28 counts including wire fraud and aggravated identity theft.
- The phishing campaign targeted software critical for aerospace engineering, including NASA’s CBAero tool.
- The case underscores the ongoing threat of cyberwarfare and intellectual property theft by state-sponsored actors from China.
- The Aviation Industry Corporation of China has been blacklisted by the U.S. government due to its ties to the military-industrial complex.
Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
At-Large Wu Song, 39, Faces 28-Count Criminal Indictment
U.S. federal prosecutors indicted a Chinese national employed by a state-owned aerospace and defense conglomerate with a years-long phishing campaign aimed at extracting software developed for NASA.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
An indictment unsealed Monday accuses Wu Song, 39, of targeting dozens of U.S. academics and engineers to obtain applications used in aerospace engineering and computational fluid dynamics – programs that could be used for the development of development tactical missiles and aerodynamic design or weapons assessment. Prosecutors said the China-based Song was an engineering employee of Beijing-based Aviation Industry Corporation of China. He faces 14 counts of wire fraud, and each count carries a prison sentence of up to 20 years if he is convicted, and another 14 counts of aggravated identity theft.
“Borders are not barriers to prosecuting bad actors who threaten our national security,” said Ryan Buchanan, U.S. attorney for the Northern District of Georgia, where Song is also being prosecuted. Song is at large.
Prosecutors said Song began sending out targeted emails masquerading as messages from colleagues or friends in 2017 and kept up the campaign at least through 2021. In missives quoted in the indictment, Song asked for copies of eight different applications. Among the programs he requested was a NASA tool known as CBAero – the acronym stands for “configuration-based aerodynamics” – that NASA says it uses to predict ” conceptual aero-thermodynamic environments of aerospace configurations.” Prosecutors said the software is designated as “U.S. release only.”
Song also phished for a software approved for U.S.-government use only, an application known as Direct Simulation Monte Carlo Analysis Code, or DAC, “used for the simulation and analysis of low-density flow fields.”
China initiated programs during the first decade of this century to jump-start advanced domestic technology through efforts that have included forced technology transfer from foreign companies and intellectual property theft through hacking. The Department of Justice in 2020 indicted five Chinese nationals for hacking more than 100 companies in the United States and abroad, a campaign executed by a Beijing hacking group tracked as APT41, Brass Typhoon, Wicked Panda and Winnti.
APT41 has stolen at least hundreds of gigabytes of intellectual property, much of it linked to an agenda set out by Chinese leader Xi Jinping known as “Made in China 2025,” a House panel heard experts testify in September 2023.
The Aviation Industry Corporation of China is among the world’s largest defense contractors but also manufactures civil aviation. The federal government blacklisted the company in June 2023 by restricting its ability to buy U.S.-made dual-use technology. U.S. persons have been blocked since 2021 from investing into the company after the Department of Treasury classified it as part of the Chinese military-industrial complex.
Source: https://www.bankinfosecurity.com/us-indicts-chinese-national-for-phishing-for-nasa-tech-a-26298