U.S. Government Indicts Chinese National For Alleged Spear Phishing Attacks



spear-phishingThe U.S. Justice Department has indicted a Chinese national, Song Wu, for allegedly sending spear phishing emails to employees at various U.S. military and government entities, research institutions and private companies.

“In executing the scheme, Song allegedly sent spear phishing emails to individuals employed in positions with the U.S. government, including NASA, the Air Force, Navy, and Army, and the Federal Aviation Administration,” the Justice Department says.

“Song also sent spear phishing emails to individuals employed in positions with major research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio, and with private sector companies that work in the aerospace field.”

The Justice Department says Song was an employee of the Aviation Industry Corporation of China (AVIC), a Chinese state-owned aerospace and defense conglomerate. The goal of the alleged operation was presumably cyberespionage.

“Song allegedly engaged in a multi-year ‘spear phishing’ email campaign in which he created email accounts to impersonate U.S.-based researchers and engineers and then used those imposter accounts to obtain specialized restricted or proprietary software used for aerospace engineering and computational fluid dynamics,” the DOJ says.

“This specialized software could be used for industrial and military applications, such as development of advanced tactical missiles and aerodynamic design and assessment of weapons.”

The phishing emails impersonated real colleagues of the targeted individuals, requesting access to source code.

“Song’s spear phishing emails appeared to the targeted victims as having been sent by a colleague, associate, friend, or other person in the research or engineering community,” the indictment says. “His emails requested that the targeted victim send or make available source code or software to which Song believed the targeted victim had access.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

The U.S. Justice Department has the story.


BreachSim

Free downloadable software tool

How easy is it for bad actors to penetrate your system and exfiltrate your data? Pinpoint vulnerabilities, take action and build stronger cyber defenses with BreachSim, a free downloadable software tool from KnowBe4. Based on techniques outlined in the MITRE Att&CK framework, BreachSim launches 12+ data exfiltration scenarios to uncover the stark reality of what happens when employees unknowingly fall for an attack.

BreachSim LogoHow BreachSim works:

  • 100% harmless simulation of real breach and data exfiltration attacks
  • Provides secure .txt, .doc, and .bmp test files for the simulation
  • Tests 12+ realistic data exfiltration scenarios following the MITRE Att&CK framework
  • Just download the installer, upload the secure test files, and run

Results in a few minutes!

Try Now

PS: Don't like to click on redirected buttons? Cut and paste this link in your browser:

https://www.knowbe4.com/free-tools/breachsimu



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews