Siemens, Trimble, and Moody’s Were Victims of a Corporate Cyber Espionage Campaign – US Charges 3 Chinese Nationals
Authorities in the United States have filed charges against three Chinese hackers for allegedly stealing sensitive information from US-based companies. The affected companies include Siemens industrial groups, Moody’s Analytics, and GPS technology firm Trimble Inc.
While the group has previously been linked to the Chinese Ministry of State Security, the hackers, identified as Wu Yingzhuo, Dong Hao and Xia Lei, haven't been charged as state-sponsored hackers. The indictment unsealed on Monday revealed that they have been charged as individuals for launching “coordinated and unauthorized” cyberattacks between 2011 and May 2017. The defendants are either owners or employees of the Chinese cybersecurity firm Guangzhou Bo Yu Information Technology Company Ltd, also known as Boyusec or APT3 in the security industry.
"It is not an element or subject of this indictment that there is state sponsorship," US Special Attorney in Pittsburgh Soo C Song said. "Defendants Wu, Dong and Xia launched coordinated and targeted cyber intrusions against businesses operating in the United States, including here in the Western District of Pennsylvania, in order to steal confidential business information," Song added.
"These conspirators masked their criminal conspiracy by exploiting unwitting computers, called ‘hop points,’ conducting ‘spearphish’ email campaigns to gain unauthorized access to corporate computers, and deploying malicious code to infiltrate the victim computer networks."
Chinese hackers stole over 407GB of business secrets from Siemens, 275MB from Trimble
The indictment reveals that the Chinese hackers monitored the email correspondence of an unidentified Moody’s economist in a prominent position, stole 407 gigabytes of proprietary commercial data from transportation, technology and energy units at Siemens, and targeted Trimble while it was developing a new Global Navigation Satellite Systems technology. They exploited vulnerabilities in computer systems and networks and used spearphishing to access confidential commercial information and steal employees’ login details.
"The primary goal of the co-conspirators’ unauthorized access to victim computers was to search for, identify, copy, package, and steal data from those computers, including confidential business and commercial information, work product, and sensitive victim employee information, such as usernames and passwords that could be used to extend unauthorized access within the victim systems," the Department of Justice said.
“For the three victim entities listed in the Indictment, such information included hundreds of gigabytes of data regarding the housing finance, energy, technology, transportation, construction, land survey, and agricultural sectors.”
Reuters reports that prosecutors said the indictment was filed in September and the Chinese government has been aware of it.
Both Trimble and Moody's have said that no confidential customer data was compromised. "Trimble responded to the incident and concluded that there is no meaningful impact on its business," the company said. "To our knowledge, no confidential customer data or other personal employee information was compromised," Moody's statement reads. Siemens is yet to comment on these hacking reports and the indictment.