- Chinese national charged in vast phishing campaign
- NASA, the military, universities and private companies have been targeted
- Attacker stole restricted defense software
NASA’s Office of Inspector General (OIG) has released a report detailing a complex campaign to steal export-restricted software orchestrated by a Chinese national.
The campaign targeted engineers at NASA, the Air Force, the Navy, the Army and the Federal Aviation Administration, as well as major universities and private companies.
Posing as a colleague or friend, the attacker managed to convince dozens of professors, researchers and engineers to share sensitive software and defense codes for almost five years.
Article continues below
Federal warrant issued
The Chinese national, identified as Song Wu, was investigated by the Cybercrime Investigation Division (CCD) after receiving an alert that emails were coming from a Gmail account claiming to be an aerospace professor who collaborated with NASA.
Song Wu’s phishing campaign began in January 2017 and ended in December 2021, during which time he contacted employees of NASA, the Air Force, the Navy, the Army, the Federal Aviation Administration as well as employees of numerous universities and private companies.
According to the CCD, Song Wu and his unidentified accomplices would conduct rigorous research on their targets, then pose as friends or colleagues requesting access to copies or source code of modeling software used for aerospace design and weapons development.
Because the software was defense-related, it was subject to export controls that were unknowingly violated when victims fell for Song Wu’s deception.
A federal arrest warrant was issued for Song Wu, and he was charged with 14 counts of wire fraud and 14 counts of aggravated identity theft, but he remains at large, the NASA report said.
“Cases like this highlight the importance of complying with export controls and remaining vigilant, even during daily email exchanges,” said CCD Special Agent in Charge Ryan Pittman. “At NASA OIG, our job is to protect the Agency’s cutting-edge technology and expose cybercriminals who try to steal it. »
The best identity theft protection for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
