How Chinese cyber army forced a GlaxoSmithKline employee to steal Cancer drug research data from the company

The U.S. Department of Justice (DOJ) announced that Lucy Xi, a resident of the state of Philadelphia, has pleaded guilty to conspiracy to steal trade secrets from GlaxoSmithKline to favor a Chinese pharmaceutical company identified as Renopharma.

Renopharma was created as a front company supposedly dedicated to the research and development of cancer drugs, which was actually used as a repository of information stolen from the affected firm, while receiving subsidies from the government of China.

At the time, Lucy Xi and an accomplice were working as scientists and pharmaceutical developers at a GSK facility in Philadelphia. It should be remembered that this is an industry that requires considerable investments, since the development of a drug could cost more than one billion dollars.

In early 2015, Lucy Xi sent one of her accomplices a GSK document containing confidential data and trade secrets, including a summary of GSK’s sophisticated research on monoclonal antibodies: “It will help you in your future business,” Lucy Xi said in her message to the accomplice, identified as Yan Mei. The authorities do not rule out that this operation was carried out by order of China’s cyber army.

Jennifer Arbittier Williams, the attorney general in charge of the case, said: “The defendant illegally stole trade secrets to benefit the company from her accomplices, who in turn received funding from the Chinese government. When the intellectual property of companies like GSK is stolen, thousands of U.S. jobs are put at risk, as well as compromising the strategic benefits of research and development.”

On the other hand, the special agent of the Federal Bureau of Investigation (FBI) Jaqueline Maguire believes that the US authorities should punish this kind of behavior vigorously, since it has a direct impact on the local economy and is beneficial for the state actors that finance these operations. So far, the sentence that the defendant will receive is ignored.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.