A Chinese national employed by a state-owned aerospace and defense company in China has been indicted on charges related to an alleged hacking scheme targeting the U.S. military and other sectors, according to the Department of Justice (DOJ). The individual, identified as Song Wu, 39, who works for the Aviation Industry Corporation of China (AVIC), is accused of attempting to fraudulently obtain computer software and source code from NASA, the Air Force, the Navy, the Army, and the Federal Aviation Administration (FAA) through a spear-phishing email campaign that took place between 2017 and 2021. The indictment was unsealed by a federal court in Atlanta on September 16.
In addition to targeting government agencies, Song also allegedly sent spear-phishing emails to individuals working at major universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, Ohio as well as private-sector aerospace companies. According to a press release from the DOJ regarding this case against Song Wu states that he is facing charges including wire fraud and aggravated identity theft. If convicted of wire fraud alone he could face up to 20 years in prison for each count.
The DOJ did not disclose whether or not Song has been arrested at this time. In his alleged email scheme targeting various organizations and individuals within them such as colleagues or associates within research or engineering communities; some targets fell victim to his phishing attempts resulting in them electronically transmitting requested source code or software directly back into his possession.
U.S. Attorney Ryan K. Buchanan stated that “Efforts to obtain our nation’s valuable research software pose a grave threat” adding that “this indictment demonstrates that borders are not barriers” when it comes prosecuting those who threaten national security.
According to prosecutors involved with this case against Song Wu; he specifically targeted software used for military applications such as advanced tactical missile development along with aerodynamic design assessments for weapons systems among others.
One specific piece of NASA software known as Configuration-Based Aerodynamics (CBAERO) was also targeted by Song according to court documents unsealed during this investigation which revealed details about how he attempted obtaining it via email correspondence with an individual referred only as “Victim 8”. CBAERO is restricted solely for use within United States territory but can be used across multiple branches including Department Of Defense agencies along with universities conducting research involving commercial space vehicles.
Another piece of NASA software called Aircraft Noise Prediction Program (ANOPP/ANOPP2) was also targeted by Song according court documents unsealed during investigation into his activities which revealed details about how he attempted obtaining it via email correspondence with an unidentified individual(s). ANOPP/ANOPP2 is restricted solely for use within United States territory but can be used across multiple branches including Department Of Defense agencies along with universities conducting research involving commercial space vehicles.