[BreachExchange] U.S. Accuses China of Hacking Aerospace, Tech Companies

Destry Winant destry at riskbasedsecurity.com
Wed Oct 31 14:59:18 EDT 2018


Chinese intelligence officers recruited hackers and insiders to help
them steal sensitive information from aerospace and technology
companies, the U.S. Department of Justice said on Tuesday.

An indictment unsealed this week charges ten Chinese nationals over
their role in the scheme, including two spies, six hackers and two

According to U.S. authorities, the operation was coordinated by Zha
Rong and Chai Meng, intelligence officers working for the Jiangsu
Province Ministry of State Security (JSSD) in the Chinese city of
Nanjing. The JSSD is a foreign intelligence arm of China’s Ministry of
State Security (MSS), which is responsible for non-military foreign
intelligence, domestic counterintelligence, and political and domestic

Zha Rong and Chai Meng are said to have recruited five hackers,
including Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang
Xiaowei, and Ma Zhiqi, to steal information on a turbofan engine used
in commercial airliners in Europe and the United States.

The targeted jet engine was being developed by a French aerospace
company, which also had offices in China’s Jiangsu province, in
cooperation with a U.S.-based firm.

The hackers targeted the French company via phishing, watering hole
attacks, and domain hijacking, but they were also assisted by at least
two individuals working at the firm’s Chinese office. Tian Xi
allegedly planted a piece of malware received from a JSSD officer on
the organization’s computers and Gu Gen, who had been working as the
head of IT and security, tipped off the Chinese agency when foreign
law enforcement discovered the malware.

In addition to the French aerospace manufacturer, the hackers targeted
companies that built parts of the jet engine, including ones based in
Massachusetts, Oregon and Arizona. Authorities pointed out that at the
time of the attacks, which spanned from at least January 2010 to May
2015, an aerospace company owned by the Chinese government had also
been working on a similar engine.

One of the alleged hackers, Zhang Zhang-Gui, has also been accused of
working with an individual named Li Xiao as part of a separate hacking
operation conducted “for their own criminal ends.” The Justice
Department said one of the victims of this attack was a tech company
in San Diego from which the hackers attempted to steal commercial
information and use its website for a watering hole attack.

The first cyberattack known to U.S. authorities targeted Los
Angeles-based Capstone Turbine. The attackers attempted to steal data
from the company and use its website as a watering hole.

This is the third round of charges brought against JSSD spies since
September. One JSSD officer was extradited to the United States for
attempting to steal trade secrets related to jet engines and a U.S.
Army recruit was indicted in September for working with a JSSD
intelligence officer. None of the individuals targeted in the newly
unsealed indictment are in U.S. custody.

“State-sponsored hacking is a direct threat to our national security.
This action is yet another example of criminal efforts by the MSS to
facilitate the theft of private data for China’s commercial gain,”
said U.S. Attorney Adam Braverman. “The concerted effort to steal,
rather than simply purchase, commercially available products should
offend every company that invests talent, energy, and shareholder
money into the development of products.”
