DOJ indicts Chinese national for spear phishing campaign against NASA, FAA, Air Force

Jason Macuray
The Justice Department indicted a Chinese national for attempting to hack several aviation agencies across the U.S. government in order to steal software and code created by the National Aeronautics and Space Administration (NASA) and others.

Song Wu, a 39-year-old engineer at Chinese state-owned aerospace and defense conglomerate Aviation Industry Corporation of China (AVIC), is facing decades in prison on 14 counts of wire fraud and 14 counts of aggravated identity theft.

AVIC is one of the largest defense contractors in the world, building both civilian and military aircraft.

The DOJ accused Song of launching a lengthy campaign of sending emails to employees of NASA, the U.S. Air Force, Navy, Army and Federal Aviation Administration as well as officials at research universities in several states and aerospace companies.

Song would send the emails pretending to be someone connected to the victim — either a relative, friend or work colleague — asking that they send the source code or software that he was after.  

“Efforts to obtain our nation’s valuable research software pose a grave threat to our national security,” said U.S. Attorney Ryan Buchanan.

Buchanan said Song’s campaign lasted for years and he created multiple email accounts to impersonate people, successfully obtaining “specialized restricted or proprietary software used for aerospace engineering and computational fluid dynamics.”

The software, created by NASA and officials at universities and private companies, had military and civilian uses and could be applied to the “development of advanced tactical missiles and aerodynamic design and assessment of weapons,” U.S. officials added. 

The Justice Department did not name the software and did not say where Song is currently located. The FBI and NASA’s Office of Inspector General are still investigating Song’s actions. 

The charges come after U.S. agencies warned of campaigns led by hackers to steal proprietary aerospace information from U.S. companies. 

U.S. security agencies reported last year that multiple nation-state hackers exploited two vulnerabilities to attack an undisclosed aerospace company. Several other countries have had nation-state attackers target their aerospace industry over the last year as well. 

The FBI, the National Counterintelligence and Security Center (NCSC) and the Air Force Office of Special Investigations (AFOSI) published a two-page advisory one year ago that also warned of cyberattacks on the space industry due to its increasing importance to the global economy.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.