Federal agencies claim that in this hacking campaign 13 firms were attacked for the benefit of a Chinese aerospace company
Last Tuesday, federal prosecutors disclosed charges accusing two Chinese government intelligence officers and eight alleged conspirators of having made informatics intrusions held in 13 companies in an attempt to steal designs for an engine used in commercial aircraft, as reported by cybersecurity and digital forensics experts from the International Institute of Cyber Security.
A 21-page indictment filed at the US District Court in the Southern District of California reports that the Ministry of State Security of Jiangsu Province, a division of the Ministry of State Security of the People’s Republic of China, was the institution responsible for conducting this hacking campaign for five years. According to the indictment, between January 2010 and May 2015, this agency allegedly used a wide range of methods to access the computer networks of companies involved in aerospace and turbine manufacturing, as well as to the services of Internet and technology.
According to reports from experts in digital forensics, the main objective of the Chinese agency was to steal data that would allow the Chinese government aerospace agency to design its own commercial aircraft. With the exception of Capstone Turbines, a Los Angeles-based gas turbine manufacturer, the rest of the companies allegedly attacked were not explicitly identified.
“The conspirators, among other things, targeted data and information related to an engine used in commercial aircrafts”, the prosecutors wrote in the corresponding indictment. “While the hacking campaign was taking place, a Chinese government aerospace company was working to develop a similar engine for use in commercial aircraft manufactured in China and other Asian countries”.
The indictment continues: “This engine was being developed through a partnership between the different US-based aerospace companies. The conspirators hacked into one of the design companies (whose name was omitted in the indictment) as well as other companies that manufactured the engine parts to steal confidential data that could be used by Chinese entities to build the same engine or a similar one without incurring in substantial research and development expenses”.
The alleged conspirators combined a variety of hacking techniques to carry out a highly effective campaign. It is known that they registered fake domain names but kept similar to the names of the legitimate domains. In other cases, according to reports of experts in digital forensics, the defendants infected the websites of real companies. Subsequently they would have directed the victims to the infected sites, so that the confidential information about these companies would have been stolen.
In addition to using phishing, malware and domain hijacking, defendants also recruited employees from some of the companies attacked to infect corporate networks and obtain information about their investigations, the prosecutors said. One of the defendants, Gu Gen, was an infrastructure and security manager working in the offices of a French aerospace company established in Jiangsu Province. In January 2014, the members of the conspiracy allegedly infected a laptop in Gu Gen’s company with a malware called the Sakula, which was linked to the domain ns24.dnsdojo.com. A month later, the US authorities discovered the infection and notified the French authorities.
This is the third indictment in which US federal prosecutors point out Chinese intelligence officers as responsible for criminal acts against US companies since last September.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.