US indicts Chinese hackers for corporate espionage

The three Chinese nationals are accused of infiltrating US firms to steal trade secrets.
Written by Charlie Osborne, Contributing Writer

US prosecutors have indicted three Chinese nationals accused of hacking into US companies to steal trade secrets and conduct corporate espionage.

On Monday, the US Department of Justice (DoJ) said that Wu Yingzhuo, Dong Hao, and Xia Lei, who worked for the Internet security firm Guangzhou Bo Yu Information Technology (Boyusec), used that position to infiltrate US companies and other international firms.

According to prosecutors, the trio hacked into corporate systems between 2011 and May 2017, for the purposes of stealing trade secrets, spying, and identity theft.

The indictment alleges that the hackers conspired to breach company systems in order to access and steal internal documents, intellectual property, and trade secrets, targeting specific companies and victims in order to gain a "commercial advantage."

The charges were announced by Acting Assistant Attorney General for National Security Dana Boente, Acting US Attorney Soo Song for the Western District of Pennsylvania, and Special Agent in Charge Robert Johnson from the FBI.

The FBI, the Naval Criminal Investigative Service, and the Air Force Office of Special Investigations unmasked the suspects.

According to US law enforcement, the three suspects, together with unknown conspirators, launched cyberattacks against companies by sending spear phishing emails containing malicious attachments or links to fraudulent domains, which delivered malware payloads that gave them access to the compromised systems.

Once access was achieved, additional tools, referred to as "ups" and "exeproxy," would be downloaded and installed. The trio worked to disguise their operation and their affiliation with Boyusec, often using aliases, proxies, and valid credentials stolen from victims.

"The primary goal of the co-conspirators' unauthorized access to victim computers was to search for, identify, copy, package, and steal data from those computers, including confidential business and commercial information, work product, and sensitive victim employee information, such as usernames and passwords that could be used to extend unauthorized access within the victim systems," prosecutors claim. "Such information included hundreds of gigabytes of data regarding the housing finance, energy, technology, transportation, construction, land survey, and agricultural sectors."

Moody's Analytics, Siemens, and Trimble were among the alleged victims.

In 2011, the three were allegedly able to access Moody's internal email server and place a forwarding rule in the email account of a top employee which redirected all emails to accounts controlled by the Chinese nationals. The information stolen from these messages included confidential economic analyses, findings, and opinions.
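One defensive check for the forwarding-rule technique described above, as an added example that is not part of the article or the indictment: a Python script that scans an exported set of mailbox inbox rules (field names modelled on an Exchange-style rule export; the sample rules and the internal domain are constructed) and flags any enabled rule that forwards or redirects mail to a domain the organisation does not own.

```python
"""Flag mailbox inbox rules that forward or redirect mail outside the organisation.

Added example, not from the article. Rule fields mirror an Exchange-style
rule export (ForwardTo, RedirectTo, ForwardAsAttachmentTo); all data is constructed.
"""
import re

INTERNAL_DOMAINS = {"example-corp.com"}  # assumption: the organisation's own domains
FORWARD_FIELDS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")


def recipient_domain(address):
    """Return the lowercase domain of a recipient entry, or None if none is found.

    Accepts plain addresses, angle-bracketed addresses and the
    'Display Name [SMTP:user@domain]' form by taking the last '@domain' match.
    """
    found = re.findall(r"@([A-Za-z0-9.-]+)", address)
    return found[-1].lower().rstrip(".") if found else None


def external_forwarding_rules(rules, internal_domains=INTERNAL_DOMAINS):
    """Return (mailbox, rule name, external recipients) for every enabled rule
    that sends mail to a domain outside internal_domains.

    A recipient whose domain cannot be parsed is treated as external so it is
    reviewed rather than silently ignored.
    """
    findings = []
    for rule in rules:
        if not rule.get("Enabled", True):
            continue
        external = []
        for field in FORWARD_FIELDS:
            for addr in rule.get(field, []):
                dom = recipient_domain(addr)
                if dom is None or dom not in internal_domains:
                    external.append(addr)
        if external:
            findings.append((rule["Mailbox"], rule["Name"], external))
    return findings


# Constructed sample export: a rule with no forwarding, one redirecting externally,
# and one forwarding to a colleague inside the organisation.
SAMPLE_RULES = [
    {"Mailbox": "cfo@example-corp.com", "Name": "Archive newsletters", "Enabled": True,
     "ForwardTo": [], "RedirectTo": [], "ForwardAsAttachmentTo": []},
    {"Mailbox": "cfo@example-corp.com", "Name": "Backup", "Enabled": True,
     "ForwardTo": [], "RedirectTo": ["cfo.backup@external-mail.example"], "ForwardAsAttachmentTo": []},
    {"Mailbox": "analyst@example-corp.com", "Name": "Copy to assistant", "Enabled": True,
     "ForwardTo": ["Assistant [SMTP:assistant@example-corp.com]"], "RedirectTo": [], "ForwardAsAttachmentTo": []},
]

if __name__ == "__main__":
    for mailbox, name, targets in external_forwarding_rules(SAMPLE_RULES):
        print(f"{mailbox}: rule '{name}' sends mail to {', '.join(targets)}")
```

In a real deployment the rules list would come from an export of every mailbox's inbox rules, and any hit should be compared against the mailbox owner's own record of the rules they created.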

In 2014, Siemens was the apparent victim of the theft of 407 GB of proprietary commercial data related to Siemens's energy, technology and transportation businesses. Several years later, while Trimble was developing a global navigation satellite system, the hackers allegedly accessed the firm's network to steal trade secrets, including hundreds of files on the satellite project.

Wu and Dong, founding members of Boyusec, alongside Xia, an employee of the company, have been indicted on charges of conspiring to commit computer fraud and abuse, conspiring to commit trade secret theft, wire fraud, and aggravated identity theft.

If found guilty of all charges, the three suspects could all face up to 42 years in prison.

"In order to effectively address the cyber threat, a threat that respects no boundaries and continues to grow in both its scope and complexity, law enforcement must come together and transcend borders to target criminal actors no matter where they are in the world," Johnson said.
