The US Department of Justice indicted an employee from a Chinese state-owned aerospace and defense company, Aviation Industry Corporation of China (AVIC), for multi-year spear phishing attacks against US agencies, research universities, and private companies.
The accused is a 39-year-old engineer named Song Wu who works at AVIC, one of the largest defense contractors in the world based in Beijing.
Song’s alleged scheme was impersonating US-based researchers’ and engineers’ email accounts to obtain proprietary software with industrial and military uses, such as the development of advanced tactical missiles, aerodynamic design, and weapons assessment.
The targets were select employees he believed had access to the source code or software from US agencies such as NASA, the US Air Force, Navy, Army, and the FAA.
Other victims included those working at major research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio, and private aerospace industries.
Song Wu’s Charges
Song is charged with 14 counts of wire fraud and 14 counts of aggravated identity theft. He’s facing a maximum statutory sentence of 20 years in prison for each count of wire fraud and a mandatory two-year consecutive sentence in prison if convicted of aggravated identity theft.
“Efforts to obtain our nation’s valuable research software pose a grave threat to our national security,” US Attorney Ryan K. Buchanan stated. “However, this indictment demonstrates that borders are not barriers to prosecuting bad actors who threaten our national security.”
According to Special Agent in Charge of FBI Atlanta Keri Farley, the indictment demonstrates that “cyber criminals around the world who are seeking to steal our companies’ most sensitive and valuable information can and will be exposed and held accountable.”
“As this indictment shows, the FBI is committed to pursuing the arrest and prosecution of anyone who engages in illegal and deceptive practices to steal protected information,” she added.
