Chinese national accused by US over NASA and military spearfishing campaign
The U.S. Department of Justice (DoJ) has charged a Chinese national named Song Wu with theft of sensitive information and proprietary software from NASA and other prominent government and private organizations in the United States.
In a press release Published on the DoJ website, the organization noted that Wu worked as an engineer at the Aviation Industry Corporation of China (AVIC). AVIC is the country’s aerospace and defense conglomerate.
While at AVIC between 2017 and 2021, he sent phishing emails to people working at NASA, the Air Force, Navy and Army, the Federal Aviation Administration, and people working at universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana and Ohio.
Successful phishing
In these emails, he would pose as other people working at these organizations, and would casually ask for things like source code, proprietary software, and the like. The software is used in aerospace engineering, missile and weapons development, and more.
One of the emails included in the complaint read: “Hello [Victim 2]I emailed Stephen for a copy of the NASCART GT code but haven’t gotten a response yet. I’m sure he’s busy. Would you mind helping and sending it to me?”
NASCART-GT, short for Numerical Aerodynamics Simulation via CARTesian Grid Techniques, is a computational fluid dynamics (CFD) solver developed at Georgia Tech. It simulates complex aerodynamics, including supersonic and hypersonic flows, for various aerospace applications.
Apparently the strategy worked, because at least a few people gave Wu what he needed. The DoJ doesn’t say what was stolen:
“In some cases, the intended victim believed that Defendant SONG … was a colleague, associate, or friend requesting the source code or software, and electronically sent the requested source code or software to Defendant Song.”
Wu, 39, now faces 14 counts of wire fraud and 14 counts of aggravated identity theft. He remains at large and, if arrested, could face up to 20 years in prison for each count of wire fraud and two years for each count of aggravated identity theft. The register defeated.
Via The register
