Ten Chinese Agents Charged with Hacking Aviation Companies

US authorities say malware from North Korea may be lurking in computer systems, giving hackers remote access

The Justice Department unsealed federal charges Tuesday against 10 Chinese agents, including intelligence officers, accused of running a five-year hacking operation to steal technology from American aviation companies. The Justice Department promised more indictments will follow.

“Officials described the case as part of a push by the Trump administration to highlight what U.S. authorities say are China’s continuing efforts to steal information from American and European companies through cyber attacks and on-the-ground recruiting,” the Wall Street Journal reported.

“This is just the beginning. Together with our federal partners, we will redouble our efforts to safeguard America’s ingenuity and investment,” Assistant Attorney General John Demers promised.

The unsealed indictment describes a plot spearheaded by the Jiangsu Province Ministry of State Security (JSSD), headquartered in Nanjing, China, to steal “sensitive commercial technological, aviation, and aerospace data by hacking into computers in the United States and abroad.”

The operation was specifically interested in a commercial jet turbofan engine being developed by a partnership between American and French companies not identified in the indictment. A Chinese state-owned company was working on a similar design at the time.

The French firm has an office in Jiangsu province which employed one of the alleged conspirators as an information technology manager. Another operative employed by the Chinese branch of the French company was accused of loading malware into its computers to facilitate information theft.

The other Chinese named in the indictment include the JSSD divisional director and section chief who ran the operation and five hackers who worked for the JSSD or took direction from its agents.

The operation began in 2010 with a hacking attack on Capstone Turbine of Los Angeles, followed by efforts to penetrate six other companies across the United States, inflicting thousands of dollars in damage. The operation grew to include attacks against the above-mentioned French company, two U.K.-based aerospace companies with offices in the United States, and a “multinational conglomerate that produces commercial and consumer products and aerospace systems.”

The operation appeared to refine its malware and hacking techniques as it went along. Some of the targets were chosen because they would “facilitate further computer intrusions into other companies.” The indictment indicated the conspirators were interested in other prizes besides the turbofan engine.

It appears the operation began winding down in 2014 after the French company became aware of skulduggery at its office in Jiangsu province thanks to a tip from U.S. law enforcement, which detected signals sent from the French corporate network to an Internet domain associated with Chinese intelligence. The conspirator who worked as an IT manager for the French company was asked to help with the subsequent investigation, so he alerted the rest of the conspirators and they began making efforts to cover their tracks by erasing data.

U.S. Attorney Adam Braverman called the operation “yet another example of criminal efforts” by Chinese intelligence to “facilitate the theft of private data for China’s commercial gain.”

“The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products,” Braverman said.

None of the conspirators named in the indictment are currently in U.S. custody. The Justice Department was able to secure extradition for a Chinese Ministry of State Security officer for the first time this month after he was lured to Belgium on a mission to obtain data stolen by an engineer working for G.E. Aviation. The MSS officer was extradited to the United States from Belgium and ended up facing charges in a federal court in Cincinnati.

The case was not directly related to the ten-person indictment unsealed on Tuesday, but the Chinese agent in question worked for the same branch of the Ministry of State Security in Jiangsu province, and his alleged activities included attempts to steal aerospace technology.

Federal prosecutors are reportedly preparing indictments against members of the notorious APT10 hacking collective, a Chinese cyber espionage team also known as “Stone Panda” and “Cloudhopper,” among many other names. APT10’s activities are highly consistent with Chinese national security interests and it has a longstanding interest in stealing aerospace technology.

The Wall Street Journal noted that the Tuesday indictment concerned activities conducted by Chinese agents before Communist Party leader Xi Jinping signed a landmark cyberespionage accord with then-President Barack Obama, but sources familiar with DOJ’s plans said indictments will be handed down soon for Chinese espionage conducted after Xi signed the pledge. Cybersecurity experts told the Journal they were certain China has violated the accord on numerous occasions with efforts to steal valuable energy, defense, and transportation technology.


Please let us know if you're having issues with commenting.