A Chinese citizen has been accused in the US of conducting a “multi-year” phishing campaign to gain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities and private companies.
Song Woo, 39, was charged with 14 counts of wire fraud and 14 counts of aggravated identity theft. If convicted, he faces a maximum sentence of 20 years in prison on each count of fraud and two consecutive years in prison on the identity theft count.
He worked as an engineer at the Aviation Industry Corporation of China (AVIC), a Chinese state-owned aerospace and defense conglomerate founded in 2008 and headquartered in Beijing.
According to information posted on AVIC’s website, it has “more than 100 subsidiaries, nearly 24 listed companies and more than 400,000 employees.” In November 2020 and June 2021, the company and some of its subsidiaries were hit by US sanctions, which prohibited Americans from investing in the company.
Song is said to have run a phishing campaign that involved creating email accounts to impersonate US researchers and engineers, which were then used to obtain specialized restricted or proprietary aerospace and computational fluid dynamics software.
The software can also be used for industrial and military applications, including the development of advanced tactical missiles and the aerodynamic design and evaluation of weapons.
The emails, the US Department of Justice (DoJ) alleges, were sent to employees of NASA, the US Air Force, the Navy and Army, and the Federal Aviation Administration, as well as individuals working at major research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana and Ohio.
The social engineering efforts, which began around January 2017 and continued until December 2021, also targeted private sector companies working in the aerospace industry.
The fraudulent messages purported to come from colleagues, associates, friends, or others in the research or engineering community, and asked recipients to send or make available source code or software to which they had access. The Justice Department has not released the name of the software or the defendant’s current location.
“Once again, the FBI and our partners have demonstrated that cybercriminals around the world who seek to steal our companies’ most sensitive and valuable information can and will be exposed and prosecuted,” said Carrie Farley, FBI Special Agent in Charge in Atlanta.
“As this indictment demonstrates, the FBI is committed to arresting and prosecuting anyone who engages in illegal and fraudulent methods of stealing protected information.”
Concurrent with the indictment, the Department of Justice also brought a separate indictment against Chinese national Jia Wei, a member of the People’s Liberation Army (PLA), for infiltrating an unnamed U.S. communications company in March 2017 to steal official information related to civilian and military communications equipment, product development and testing plans.
“During the hack, Wei and his associates attempted to install malware designed to provide ongoing unauthorized access to the US company’s network,” the Justice Department said. “Wei’s unauthorized access continued until approximately the end of May 2017.”
The development comes weeks after the UK’s National Crime Agency (NCA) announced that three men, Callum Picari, 22; Vijayasidhurshan Vijayanathan, 21; and Aza Siddiq, 19, had pleaded guilty to running a website that allowed cybercriminals to bypass bank fraud checks and take control of bank accounts.
The service, called OTP.agency, allowed monthly subscribers to socially engineer bank account holders into revealing genuine one-time passwords (OTPs) or their personal information.
The underground service is said to have been contacted by more than 12,500 members of the public between September 2019 and March 2021, when it was shut down following the arrest of the trio. It is currently not known how much illegal income the operation generated during its existence.
“The £30-a-week basic package allowed multi-factor authentication on platforms such as HSBC, Monzo and Lloyds to be bypassed, allowing criminals to carry out fraudulent online transactions,” the NCA said. “The elite plan cost £380 a week and gave access to Visa and Mastercard verification sites.”