Alleged Chinese Intelligence Officers Indicted by DoJ

The Department of Justice (DoJ) has indicted three Chinese nationals who allegedly worked indirectly for their government to steal hundreds of gigabytes of highly sensitive corporate data from Siemens, Moody’s Analytics and GPS firm Trimble.

In the first US government indictment of Chinese hackers since 2014, the DoJ accused Wu Yingzhuo, Dong Hao and Xia Lei each of eight counts, including conspiring to commit computer fraud and abuse, conspiring to commit trade secret theft, wire fraud and aggravated identity theft.

Although the charges carry a maximum jail term of over 40 years, it’s highly unlikely the US government will ever get its hands on the three. Wu and Dong are founding members of ‘security vendor’ Guangzhou Bo Yu Information Technology Company Limited (Boyusec), while Xia is an employee there.

The three are alleged to have sent spearphishing emails to victims in the targeted organizations, allowing them to gain unauthorized, persistent access to their computers. The end goal was allegedly to steal confidential corporate information.

Between December 2015 and March 2016, Wu and unnamed co-conspirators are said to have hacked Trimble to steal plans for new satellite technology designed to improve the accuracy of location data on mobile devices.

In 2014, Dong is alleged to have infiltrated the Siemens corporate network to steal log-ins from employees in preparation for a 2015 raid in which 407GB of data was taken from the firm’s energy, technology and transportation businesses.

After co-conspirators hacked a Moody’s email server in 2011 and placed a forwarding rule in a prominent employee’s account, Xia regularly accessed those forwarded emails during 2013 and 2014, to read “proprietary and confidential economic analyses, findings and opinions”, according to the DoJ indictment.

“In many instances, the co-conspirators sought to conceal their activities, location and Boyusec affiliation by using aliases in registering online accounts, intermediary computer servers known as ‘hop points’ and valid credentials stolen from victim systems,” it noted.

Although the three are named in the indictment only as Boyusec employees, the firm itself is in fact a cover for China’s fearsome Ministry of State Security (MSS), according to Recorded Future director of strategic threat development, Priscilla Moriuchi.

As such, this represents the first ever US indictments against Chinese intelligence officers as opposed to military personnel, she claimed.

“Boyusec is the MSS and their activities support China’s political, economic, diplomatic, and military goals,” she argued.

“The MSS is composed of national, provincial, and local elements. Many of these elements, especially at the provincial and local levels, include organizations with valid public missions to act as a cover for MSS intelligence operations. Some of these organizations include think tanks such as CICIR, while others include provincial-level governments and local offices. In this case, Boyusec is the cover organization for MSS cyber activities.”

A Recorded Future report from May attributed Boyusec’s work to the APT3 group. Over the years it has also targeted Hong Kong dissidents and other domestic troublemakers, the firm claimed.

It's unclear why the DoJ hasn't made the same claims as Recorded Future over Boyusec's alleged masters, although if true it would mean the trio's activity broke the terms of a US-China agreement signed in late 2015 not to engage in economic espionage against one another.
