The U.S. Justice Department has indicted a Chinese national, Song Wu, for allegedly sending spear phishing emails to employees at various U.S. military and government entities, research institutions and private companies.
“In executing the scheme, Song allegedly sent spear phishing emails to individuals employed in positions with the U.S. government, including NASA, the Air Force, Navy, and Army, and the Federal Aviation Administration,” the Justice Department says.
“Song also sent spear phishing emails to individuals employed in positions with major research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio, and with private sector companies that work in the aerospace field.”
The Justice Department says Song was an employee of the Aviation Industry Corporation of China (AVIC), a Chinese state-owned aerospace and defense conglomerate. The goal of the alleged operation was presumably cyberespionage.
“Song allegedly engaged in a multi-year ‘spear phishing’ email campaign in which he created email accounts to impersonate U.S.-based researchers and engineers and then used those imposter accounts to obtain specialized restricted or proprietary software used for aerospace engineering and computational fluid dynamics,” the DOJ says.
“This specialized software could be used for industrial and military applications, such as development of advanced tactical missiles and aerodynamic design and assessment of weapons.”
The phishing emails impersonated real colleagues of the targeted individuals, requesting access to source code.
“Song’s spear phishing emails appeared to the targeted victims as having been sent by a colleague, associate, friend, or other person in the research or engineering community,” the indictment says. “His emails requested that the targeted victim send or make available source code or software to which Song believed the targeted victim had access.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
The U.S. Justice Department has the story.
How BreachSim works:
