US Indicts Chinese Spies and Insiders for Aviation Theft

The US authorities have continued to step up the pressure on China with the indictment of two intelligence officers, two insiders and six hackers, most of whom were allegedly involved in a conspiracy to steal aviation secrets.

Two intelligence officers, Zha Rong and Chai Meng, and a team of five hackers are said to have worked for the Jiangsu Province Ministry of State Security (JSSD), headquartered in Nanjing.

They allegedly took part in a five-year conspiracy beginning in January 2010 to obtain key technology used in commercial airliners in the US and Europe: namely a turbofan jet engine. A Chinese state-owned aerospace company was said to be working on a similar engine at the time for its own use.

JSSD hackers Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei and Ma Zhiqi are alleged to have conducted intrusions into suppliers that manufactured parts for the turbofan engine, including aerospace companies based in Arizona, Massachusetts and Oregon.

Their work included classic techniques such as spear-phishing, info-stealing malware and watering hole attacks. For example, LA-based gas turbine manufacturer Capstone Turbine suffered data loss and had its website seeded with malware to infect others.

However, the conspiracy went even further, with the JSSD recruiting Tian Xi and Gu Gen, two insiders at the targeted French aerospace company who worked at its office in Suzhou, Jiangsu province.

Gen was the company’s head of IT and security in Suzhou, showing the alleged extent of the conspiracy. He is said to have tipped off the officers when foreign police notified the company of the existence of malware on its systems, malware that Tian had apparently installed at the direction of the JSSD.

A separate conspiracy involved Zhang Zhang-Gui and Chinese national Li Xiao, who are alleged to have used the JSSD malware developed to hack Capstone Turbine to repeatedly attack a San Diego-based tech company for more than a year and a half, causing thousands of dollars in damage.

Unlike the alleged MSS officer recently extradited to the US to face charges related to another conspiracy to steal aviation secrets, none of those indicted in this case are thought to be on US soil, making this more of a PR exercise.

However, given the alleged insider activity at the aerospace firm’s China office, it will be yet another compelling reason for foreign firms to start extricating key facilities from the country.

A report from CrowdStrike earlier this month identified China as the most prolific nation state threat actor during the first half of 2018.
