A Chinese national has been accused of conducting a years-long spear-phishing campaign that aimed to steal source code from the US Army and NASA, plus other highly sensitive software used in aerospace engineering and military applications. At least some of the spears hit their targets, and some of this restricted software made its way to China, according to a US Department of Justice (DOJ) announcement and an indictment. The accused, Song Wu, 39, remains at large and has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft.
The DOJ claims Song was employed as an engineer at Aviation Industry Corporation of China (AVIC), a Chinese state-owned aerospace and defense conglomerate headquartered in Beijing. While in that role, Song allegedly started to send phishing emails around January 2017 and continued through December 2021. These mails appeared to have been sent by targets' colleagues and associates, and sought highly specialized, restricted software used in aerospace engineering, computational fluid dynamics and other industrial and military applications, such as advanced missile and weapon development.[1]
Song is alleged to have sent messages to people who worked for the US government, including NASA, the Air Force, Navy, and Army, and the Federal Aviation Administration. He also phished individuals employed by major research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio, and by private sector companies that work in the aerospace field, we're told.
One email cited in the indictment was sent on 28 April 2020 from one such "imposter email account" to "Victim 2" and requested NASCART-GT, which appears to be used in NASA projects. The email read: "Hi [Victim 2], I sent Stephen an email for a copy of NASCART-GT code, but got no response right now. He must be too busy. Will you help and sent (sic) it to me?" Some of the scams worked, according to the DOJ.
While the indictment does not detail exactly what sensitive IP Song is alleged to have stolen, it does note that, "In some instances, the targeted victim, believing that defendant SONG … was a colleague, associate, or friend requesting the source code or software electronically transmitted the requested source code or software to defendant Song." If arrested and convicted, Song faces a maximum penalty of 20 years in prison for each count of wire fraud. He also faces a two-year prison penalty for each count of aggravated identity theft.
On the government side in the US, there is a new bipartisan effort in Congress to take on the growing threat of cyber-attacks by China and other US adversaries. A bill led by Rep. Pat Fallon, R-Texas, would impose new guardrails on the technology the US government is able to purchase by forcing a federal agency or office to only purchase it from "original equipment manufacturers" or "authorized resellers," according to the bill text obtained by news sources. Fallon explained this would ensure US technology is bought from "trusted sources" rather than a third party that could potentially be sourcing that equipment from nations like China, Russia or Iran.[2] "Our adversaries have been targeting our hardware and software systems through selling the US government counterfeit products through what are known as ‘gray market’ sellers," Fallon explained. "These products, although marketed as genuine hardware, allow our enemies to gain access to US government systems, making it far easier to conduct subsequent cyberattacks."
The Texas Republican warned the US was being hit with "millions of attacks daily," and that the growing sophistication of artificial intelligence (AI) technology was making cyberattacks easier to pull off. The House bill, the Securing America’s Federal Equipment (SAFE) Supply Chains Act, is backed by a bipartisan companion bill in the Senate. That push is being led by Sen. John Cornyn, R-Texas, and Senate Homeland Security Committee Chair Gary Peters, D-Mich. A "gray market" refers to an alternative channel for purchasing and selling genuine goods without the authorization of the manufacturer.
It has been a particularly prevalent issue in the high-tech sphere, and though the lack of transparency makes its full scope hard to quantify, the technology gray market is believed to have cost manufacturers billions of dollars in losses, according to AGMA Global.
China’s technology gray market is prevalent. A report from the Hong Kong-based Asia Times earlier this year said Chinese firms were getting around US export controls to acquire high-end American AI chips for their own military and research uses. Additionally, while the US government does have existing bans on certain Beijing-backed companies, the new bill would prevent China from using middlemen to obscure those and other illicit sources and flood the US market.
Fallon said the legislation would "prevent the federal government from even being at risk of being duped into procuring these harmful products." "The world is at peak instability and danger. Simply put, we are at an inflection point, which means we must do everything in our power to protect our vulnerable systems from cyber-attacks and intrusion from our enemies," he said.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
[1] https://www.msn.com/en-us/news/technology/chinese-national-accused-by-feds-of-spear-phishing-for-nasa-military-source-code/ar-AA1qGl5c/
[2] https://www.msn.com/en-us/news/world/lawmakers-crack-down-on-ccp-influence-in-us-government-tech-warn-of-potentially-devastating-cyber-attack/ar-AA1qwzdu