Feds: Chinese spies orchestrated massive hack that stole aviation secrets

The Rocketry Forum


Winston

Feds: Chinese spies orchestrated massive hack that stole aviation secrets
Feds say campaign hacked 13 firms in bid to help Chinese state-owned aerospace company.
10/31/2018

https://arstechnica.com/tech-policy...d-their-hired-hackers-stole-aviation-secrets/

Excerpts:

Federal prosecutors on Tuesday unsealed charges that accused two Chinese government intelligence officers and eight alleged co-conspirators of conducting sustained computer intrusions into 13 companies in an attempt to steal designs for a turbofan engine used in commercial jetliners.

A 21-page indictment filed in US District Court in the Southern District of California said the Jiangsu Province Ministry of State Security, an arm of the People’s Republic of China’s Ministry of State Security, directed the five-year campaign. According to the indictment, between January 2010 and May 2015, the team allegedly used a wide range of methods to break into the computer networks of companies involved in aerospace and turbine manufacturing and Internet and technology services. Their primary goal was stealing data that would allow a Chinese government-owned company to design its own jetliner. With the exception of Capstone Turbines, a Los Angeles-based gas turbine maker, other targeted companies weren’t identified by name and were referred to only as companies A through L.

“Members of the conspiracy targeted, among other things, data and information related to a turbofan engine used in commercial jetliners,” prosecutors wrote in the superseding indictment. “At the time of the intrusions, a Chinese state-owned aerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in China and elsewhere.”

The alleged conspirators combined a variety of hacking techniques to mount a highly effective campaign. According to the indictment, they registered “doppelganger” domain names such as capstonetrubine.com that closely resembled the legitimate domain names of aerospace companies. In other cases, prosecutors said, the defendants infected the websites of real companies. They then allegedly turned the malicious domains into watering holes by sending spear phishing emails that directed targets to visit the doppelganger or infected websites. When targets complied, they were infected.

Besides using spear phishing, watering holes, malware, and domain hijackings, prosecutors said, the defendants also recruited employees of some of the targeted companies to infect corporate networks and provide intelligence about investigations. One of the defendants, Gu Gen, was a Chinese infrastructure and security manager working in a targeted French aerospace manufacturer's office in Suzhou, Jiangsu Province. In January 2014, conspiracy members allegedly infected a laptop in Gu’s company with malware, dubbed Sakula, which communicated with the domain ns24.dnsdojo.com. A month later, US law enforcement authorities discovered the infection and notified French authorities.

The indictment is the third time since September that federal prosecutors have named Chinese intelligence officers as defendants in criminal hacks against US companies.
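
Added example, not part of the original post or the quoted article: one way a defender could spot doppelganger domains such as capstonetrubine.com in DNS query logs, using an edit distance that counts an adjacent-letter swap as a single change. The protected domain capstoneturbine.com is an assumed correct spelling, and the log format and log lines are constructed sample data.

```python
# Added example: flag lookalike ("doppelganger") domains in DNS query logs.
# PROTECTED is an assumption: the legitimate spelling inferred from the
# lookalike named in the article. LOG lines are constructed sample data.
PROTECTED = ["capstoneturbine.com"]
LOG = """\
2014-01-10T09:12:01 10.0.0.5 query capstoneturbine.com
2014-01-10T09:12:07 10.0.0.8 query www.capstonetrubine.com
2014-01-10T09:13:15 10.0.0.8 query example.org
2014-01-10T09:14:40 10.0.0.9 query capstoneturbines.com
"""

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    adjacent transposition each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]

def registered_domain(name: str) -> str:
    """Naive reduction to the last two labels (no public-suffix handling)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def find_lookalikes(log: str, protected=PROTECTED, max_dist: int = 2):
    """Return (client, queried_name, protected_domain, distance) for queries
    whose registered domain is near, but not equal to, a protected domain."""
    hits = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[2] != "query":
            continue  # skip malformed lines
        client, qname = fields[1], fields[3]
        dom = registered_domain(qname)
        for good in protected:
            dist = osa_distance(dom, good)
            if 0 < dist <= max_dist:
                hits.append((client, qname, good, dist))
    return hits

if __name__ == "__main__":
    for hit in find_lookalikes(LOG):
        print(hit)
```

A plain Levenshtein distance would score the "trubine" swap as 2; counting the transposition as one edit keeps the threshold tight enough to limit false positives on short domains.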
 