US DoJ accuses the Chinese intelligence to have recruited hackers and insiders to steal confidential information from companies in aerospace and tech companies.
US intelligence believes that the cyber espionage operation was under the control of Zha Rong and Chai Meng, two intelligence officers working for the Jiangsu Province Ministry of State Security (JSSD) in the Chinese city of Nanjing.
According to U.S. authorities, the operation was coordinated by Zha Rong and Chai Meng, intelligence officers working for the Jiangsu Province Ministry of State Security (JSSD) in the Chinese city of Nanjing.
“Chinese intelligence officers and those working under their direction, which included hackers and co-opted company insiders, conducted or otherwise enabled repeated intrusions into private companies’ computer systems in the United States and abroad for over five years. The conspirators’ ultimate goal was to steal, among other data, intellectual property and confidential business information, including information related to a turbofan engine used in commercial airliners.” reads the press release published by the DoJ.
“The charged intelligence officers, Zha Rong and Chai Meng, and other co-conspirators, worked for the Jiangsu Province Ministry of State Security (“JSSD”), headquartered in Nanjing, which is a provincial foreign intelligence arm of the People’s Republic of China’s Ministry of State Security (“MSS”).”
The Jiangsu Province Ministry of State Security (JSSD) is a foreign intelligence unit that is coordinated by China’s Ministry of State Security (MSS), the agency that is tasked for non-military foreign intelligence and domestic counterintelligence operations.
The intelligence duo recruited five hackers (Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi) to hack the companies involved in the design of a turbofan engine used in commercial airliners in Europe and the United States.
The turbofan engine was manufactured by a French aerospace company, which also had offices in the Jiangsu province with a U.S.-based firm.
The operation aimed at stealing industrial secrets for a Chinese-state company, according to the indictment, ten Chinese nationals were involved in the cyber espionage activities, including two spies, six hackers and two insiders.
“Members of the conspiracy targeted, among other things, data and information related to a turbofan engine used in commercial jetliners.” states the DoJ indictment. “At the time of the intrusions, a Chinese state-owned aerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in China and elsewhere.”
The Chinese spies also targeted companies involved in the manufacturing of components for the jet engine, including US-based firms.
The campaign was carried out at least from January 2010 to May 2015.
The cyberspies used spear phishing, watering hole attacks, and domain hijacking to deliver various malware families, including Sakula and IsSpace, to the target organization.
A JSSD officer provided malware to insiders, two of which is Tian Xi and Gu Gen, to plant the malicious code in the organization.
According to the indictment, the hackers hired by the Chinese intelligence were also involved in cybercriminal activities, a circumstance that highlights the thin line between nation-state hacking and cybercrime.
The choice of recruiting hackers from cybercrime underground is strategic because makes it hard for an investigator to attribute the operations to a specific government.
“State-sponsored hacking is a direct threat to our national security. This action is yet another example of criminal efforts by the MSS to facilitate the theft of private data for China’s commercial gain,” declared U.S. Attorney Adam Braverman.
“The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products.”
(Security Affairs – Chinese intelligence, cyber espionage)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.