Chinese Technician Accused in the U.S. for Years-Long Cyber Theft Aimed at NASA and Military Institutions


An individual from China has been formally charged in the U.S. for allegedly orchestrating a “multi-year” spear-phishing scheme to illicitly access computer programs and source code developed by the National Aeronautics and Space Administration (NASA), academic institutions, and private corporations.

Song Wu, 39, is charged with 14 counts of wire fraud and 14 counts of aggravated identity theft. If found guilty, he could be sentenced to up to 20 years in prison for each count of wire fraud and an additional two-year term for aggravated identity theft.

He worked as an engineer at the Aviation Industry Corporation of China (AVIC), a Chinese government-owned group specializing in aerospace and defense, which was established in 2008 and is based in Beijing.

AVIC’s website states that it comprises “over 100 subsidiaries, nearly 24 publicly listed companies, and a workforce exceeding 400,000 individuals.” In late 2020 and mid-2021, the U.S. imposed sanctions on the company and some of its subsidiaries, preventing Americans from investing in them.

Song allegedly carried out a spear-phishing operation by setting up email accounts that impersonated U.S.-based researchers and engineers. These accounts were used to retrieve specialized restricted or proprietary software related to aerospace engineering and computational fluid dynamics.

The software also had potential applications in industrial and military sectors, including the creation of sophisticated tactical missiles and the evaluation of aerodynamics for weapons development.

According to the U.S. Department of Justice (DoJ), these deceptive emails were sent to personnel at NASA, the U.S. Air Force, Navy, and Army, as well as staff at the Federal Aviation Administration and prominent academic institutions in several states.

The social engineering efforts, which commenced around January 2017 and persisted until December 2021, also targeted private sector firms involved in aerospace.

The fraudulent emails purported to originate from acquaintances, associates, or other figures in the research or engineering community, and urged recipients to disclose or share software or source code they possessed. The DoJ did not reveal the software’s name or the defendant’s current location.

“Once again, the FBI and our collaborators have proven that cyber offenders globally who attempt to pilfer our firms’ most sensitive and valuable information can and will be uncovered and brought to justice,” remarked Keri Farley, Special Agent in Charge of FBI Atlanta.

“The FBI is dedicated to pursuing the arrest and prosecution of any individual engaging in illicit and deceptive acts to abscond with safeguarded information,” she added.

Coinciding with this indictment, the DoJ also disclosed a separate indictment against Jia Wei, a Chinese national and member of the People’s Liberation Army (PLA), accused of infiltrating a U.S.-based telecommunications firm in March 2017 to steal confidential data related to civilian and military communication gadgets, product advancement, and testing strategies.

“During the unauthorized network access, Wei and his cohorts endeavored to implant malicious software designed to ensure continuous illicit entry to the U.S. company’s network,” the DoJ announced. “Wei persisted in this unauthorized access until around late May 2017.”

These developments follow the recent revelation from the U.K. National Crime Agency (NCA) that three individuals—Callum Picari, 22; Vijayasidhurshan Vijayanathan, 21; and Aza Siddeeque, 19—confessed to operating a website enabling cybercriminals to evade banks’ anti-fraud systems and gain control of bank accounts.

The platform, known as OTP.agency, enabled paid subscribers to dupe bank account holders into revealing genuine one-time-passcodes or divulging personal details.

The underground service allegedly targeted more than 12,500 members of the public between September 2019 and March 2021, when it was shut down upon the arrest of the trio. The total illegal gains from this illicit operation remain undisclosed.

“For a weekly fee of £30, an entry-level subscription allowed fraudulent transactions to be made on banking platforms like HSBC, Monzo, and Lloyds by bypassing multi-factor authentication,” the NCA stated. “A premium package priced at £380 per week granted access to verification sites for Visa and Mastercard.”
