The Chinese government orchestrated a sophisticated multi-year cyber-espionage campaign to gain parity with western aerospace firms and help it build the C919 commercial airliner, a new report has alleged.
The story exemplifies the lengths to which Beijing is prepared to go to steal IP and force tech transfers from foreign companies and nations in order to gain self-sufficiency.
“What is known from CrowdStrike Intelligence reporting and corroborating US government reporting is that Beijing uses a multi-faceted system of forced technology transfer, joint ventures, physical theft of intellectual property from insiders, and cyber-enabled espionage to acquire the information it needs,” the CrowdStrike report claimed.
“Specifically, state-owned enterprises (SOEs) are believed to help identify major intelligence gaps in key projects of significance that China’s intelligence services then are likely tasked with collecting.”
In this case, that job was taken by the Jiangsu Bureau of the Ministry of State Security (JSSD), tracked by CrowdStrike as Turbine Panda.
In activity dating back to 2010, the operatives undertook a broad cyber-espionage and human intelligence campaign targeting multiple aerospace providers, including Honeywell, Safran, Capstone Turbine and others.
Interestingly, many of the operatives were sourced from the local cybercrime community, with PlugX and Winnti hacking tools favored, as well as unique malware linked to a group dubbed “Sakula.”
As part of the campaign, they recruited an insider at General Electric (Zheng Xiaoqing), joint manufacturer of the key LEAP-X turbofan, and a Chinese-born army reservist (Ji Chaoqun) who entered the US on an F-1 student visa to study electrical engineering.
Then the US fightback began: Sakula developer Yu Pingan was arrested whilst attending a US security conference, and insiders Zheng and Ji Chaoqun were also picked up. Other China-based operatives and insiders were also indicted. However, the biggest coup was the arrest of their handler, MSS officer Xu Yanjun: alleged deputy division director of the Sixth Bureau of the JSSD in charge of insider threats.
The report claimed that JSSD operatives were also responsible for the breach of the Office of Personnel Management (OPM) and health insurance firm Anthem.
Depressingly, it seems that even these arrests will do little to halt intrusive Chinese cyber-activity.
“Even with the arrest of a senior MSS intelligence officer and a valuable malware developer, the potential benefits of cyber-enabled espionage to China’s key strategic goals has seemingly outweighed the consequences to date,” the report concluded. “China still seeks to decrease its dependency on this [Airbus-Boeing] duopoly and eventually compete on an even footing with them.”