A sophisticated, multi-year phishing scheme orchestrated by a Chinese national has been uncovered, targeting NASA employees and other U.S. government entities, universities, and private companies. The operation aimed to illicitly obtain sensitive defense and aerospace software, violating U.S. export control laws. The individual allegedly impersonated U.S. researchers and engineers to gain the trust of victims, who unknowingly shared proprietary information.

Key Takeaways

• A Chinese national, Song Wu, is accused of running a spear-phishing campaign from 2017 to 2021.

• The scheme targeted NASA, military branches, government agencies, universities, and private firms.

• The goal was to steal specialized aerospace and defense software.

• Song Wu remains at large and has been added to the FBI's Most Wanted list.

The Phishing Operation Unveiled

The Office of Inspector General (OIG) for NASA revealed the details of the extensive operation. For years, NASA employees and their research collaborators believed they were sharing software with legitimate colleagues. However, they were actually emailing sensitive defense technology to a Chinese national, identified as Song Wu, who was impersonating U.S. engineers. The U.S. Department of Justice announced charges against Song Wu in September 2024 for orchestrating this multi-year scheme.

Targets and Stolen Technology

Song Wu, an engineer at China's state-owned Aviation Industry Corporation (AVIC), allegedly conducted thorough research on his targets. He and his co-conspirators posed as friends and colleagues to gain access to proprietary software and source code. The specialized software targeted is crucial for industrial and military applications, including the development of advanced tactical missiles and aerodynamic design and assessment of weapons. Victims included employees from NASA, the Air Force, the Navy, the Army, and the Federal Aviation Administration, as well as researchers at major universities and private sector firms.

Legal Ramifications and Red Flags

Song Wu faces charges of wire fraud and 14 counts of aggravated identity theft. He could face up to 20 years in prison for each wire fraud count, plus a consecutive two-year sentence for aggravated identity theft. Despite being added to the U.S. Most Wanted List by the FBI, he remains at large. The OIG highlighted common clues that can expose such export fraud schemes, including making multiple unjustified requests for the same software, suggesting unusual payment methods, abruptly changing payment terms, and using unconventional transfer methods to mask identity and evade shipping restrictions.

Implications for Cybersecurity

This campaign highlights the effectiveness of social engineering tactics, succeeding not through technical exploitation but by exploiting trust within collaborative research communities. Security experts emphasize the need for enhanced export control awareness training, robust verification protocols for external software sharing requests, and auditing outbound transfers of sensitive software to mitigate such risks.

By staying vigilant and adopting safe browsing practices, users can significantly reduce their exposure to these evolving threats. As cyber threats continue to evolve, your security strategy needs to evolve with them. BetterWorld Technology delivers adaptive cybersecurity solutions designed to keep your business secure while supporting innovation. Connect with us today to schedule a personalized consultation.

Sources

• NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software, The Hacker News.

• NASA Employees Duped in Chinese Phishing Scheme Targeting Defense Software, Security Boulevard.

• Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software, Security Affairs.

• Chinese National Charged in Years-Long NASA Phishing Scheme, NTD News.

• NASA Employees Duped In Chinese Phishing Cyberattack, TechJuice.