U.S. Navy, NASA and Federal Aviation Administration: ‘This was not an isolated incident’: Chinese national exposed by NASA investigation in serial defense software theft phishing campaign that lasted years

U.S. Navy, NASA and Federal Aviation Administration: ‘This was not an isolated incident’: Chinese national exposed by NASA investigation in serial defense software theft phishing campaign that lasted years

Chinese National Indicted in Multi-Year Phishing Campaign Targeting U.S. Defense and Aerospace Sectors

A Chinese national, Song Wu, has been indicted on charges of wire fraud and aggravated identity theft following a sophisticated phishing campaign that spanned nearly five years. The operation, uncovered by NASA’s Office of Inspector General (OIG), targeted engineers, researchers, and employees at NASA, the U.S. military (Air Force, Navy, Army), the Federal Aviation Administration, universities, and private companies.

Between January 2017 and December 2021, Song Wu and unidentified co-conspirators posed as colleagues or collaborators, using meticulously researched personas to deceive victims into sharing export-restricted defense software and source code. The stolen materials included aerospace design and weapons development tools, which are subject to strict U.S. export controls. Victims unknowingly violated these regulations by complying with the fraudulent requests.

The investigation began after NASA’s Cyber Crimes Division (CCD) received an alert about suspicious emails from a Gmail account impersonating an aerospace professor with prior NASA ties. A federal warrant has been issued for Song Wu’s arrest, but he remains at large. He faces 14 counts of wire fraud and 14 counts of aggravated identity theft.

The case highlights the persistent threat of state-linked cyber espionage targeting sensitive U.S. technological and defense assets. NASA OIG emphasized the need for heightened vigilance in verifying digital communications, particularly when handling controlled materials.

Source: https://www.techradar.com/pro/security/this-was-not-an-isolated-incident-chinese-national-exposed-by-nasa-investigation-in-serial-defense-software-theft-phishing-campaign-that-lasted-years

U.S. Navy TPRM report: https://www.rankiteo.com/company/bureau-of-industry-and-security-u.s.-department-of-commerce

NASA TPRM report: https://www.rankiteo.com/company/nasa-oig

Federal Aviation Administration TPRM report: https://www.rankiteo.com/company/federal-compass

"id": "nasfedbur1777314337",
"linkid": "nasa-oig, federal-compass, bureau-of-industry-and-security-u.s.-department-of-commerce",
"type": "Cyber Attack",
"date": "1/2017",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"
{'affected_entities': [{'industry': 'Aerospace, Defense',
                        'location': 'United States',
                        'name': 'NASA',
                        'type': 'Government Agency'},
                       {'industry': 'Defense',
                        'location': 'United States',
                        'name': 'U.S. Military (Air Force, Navy, Army)',
                        'type': 'Government Agency'},
                       {'industry': 'Aviation, Defense',
                        'location': 'United States',
                        'name': 'Federal Aviation Administration (FAA)',
                        'type': 'Government Agency'},
                       {'industry': 'Education, Research',
                        'location': 'United States',
                        'type': 'Universities'},
                       {'industry': 'Aerospace, Defense',
                        'location': 'United States',
                        'type': 'Private Companies'}],
 'attack_vector': 'Email (Spear Phishing)',
 'data_breach': {'data_exfiltration': 'Yes',
                 'file_types_exposed': 'Software, Source Code',
                 'personally_identifiable_information': 'Yes (Identity theft '
                                                        'charges)',
                 'sensitivity_of_data': 'High (Export-Controlled, Sensitive '
                                        'Defense Technology)',
                 'type_of_data_compromised': 'Defense software, source code, '
                                             'aerospace design tools, weapons '
                                             'development tools'},
 'date_detected': '2021-12',
 'description': 'A Chinese national, Song Wu, has been indicted on charges of '
                'wire fraud and aggravated identity theft following a '
                'sophisticated phishing campaign that spanned nearly five '
                'years. The operation targeted engineers, researchers, and '
                'employees at NASA, the U.S. military (Air Force, Navy, Army), '
                'the Federal Aviation Administration, universities, and '
                'private companies. The attackers posed as colleagues or '
                'collaborators to deceive victims into sharing '
                'export-restricted defense software and source code, including '
                'aerospace design and weapons development tools.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to '
                                       'affected entities',
            'data_compromised': 'Export-restricted defense software, source '
                                'code, aerospace design tools, weapons '
                                'development tools',
            'identity_theft_risk': 'Aggravated identity theft (14 counts)',
            'legal_liabilities': 'Potential legal liabilities for victims due '
                                 'to export control violations',
            'operational_impact': 'Violation of U.S. export controls by '
                                  'victims'},
 'initial_access_broker': {'entry_point': 'Email (Gmail account impersonating '
                                          'aerospace professor)',
                           'high_value_targets': 'Engineers, researchers, '
                                                 'employees handling '
                                                 'defense/aerospace technology',
                           'reconnaissance_period': 'Meticulous research of '
                                                    'targets (e.g., prior NASA '
                                                    'ties)'},
 'investigation_status': 'Ongoing (Federal warrant issued, suspect at large)',
 'lessons_learned': 'Heightened vigilance in verifying digital communications, '
                    'particularly when handling controlled materials. Need for '
                    'improved awareness of social engineering tactics '
                    'targeting sensitive sectors.',
 'motivation': 'State-Linked Cyber Espionage, Theft of Sensitive Defense '
               'Technology',
 'post_incident_analysis': {'root_causes': 'Social engineering, impersonation, '
                                           'exploitation of trust in '
                                           'professional networks, lack of '
                                           'stringent verification processes '
                                           'for sensitive requests'},
 'recommendations': 'Implement stricter verification processes for requests '
                    'involving export-controlled materials. Enhance employee '
                    'training on recognizing phishing and impersonation '
                    'attempts. Strengthen monitoring of communications '
                    'involving sensitive defense technology.',
 'references': [{'source': 'NASA Office of Inspector General (OIG)'}],
 'regulatory_compliance': {'legal_actions': 'Indictment (14 counts of wire '
                                            'fraud, 14 counts of aggravated '
                                            'identity theft)',
                           'regulations_violated': 'U.S. Export Controls '
                                                   '(e.g., ITAR, EAR)'},
 'response': {'law_enforcement_notified': 'Yes (NASA OIG, Federal '
                                          'Authorities)'},
 'threat_actor': 'Song Wu (Chinese National), Unidentified Co-Conspirators',
 'title': 'Chinese National Indicted in Multi-Year Phishing Campaign Targeting '
          'U.S. Defense and Aerospace Sectors',
 'type': 'Phishing, Cyber Espionage',
 'vulnerability_exploited': 'Social Engineering, Impersonation'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.