NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
NASA Staff Exploited in Long-Running Spear-Phishing Campaign Targeting U.S. Defense Software
TL;DR
The NASA Office of Inspector General (OIG) has detailed a multi-year spear-phishing operation led by a Chinese national who impersonated U.S. researchers to steal sensitive aerospace and defense software. The scheme, which ran from 2017 to 2021, successfully duped employees at NASA and other federal agencies into handing over proprietary code in violation of export control laws.
The Masquerade: How Defense Software Was Stolen
For nearly five years, NASA employees and research collaborators believed they were engaged in professional knowledge-sharing with their peers. In reality, they were falling victim to a calculated spear-phishing campaign orchestrated by Song Wu, a 40-year-old engineer at the Aviation Industry Corporation of China (AVIC).
The NASA Office of Inspector General (OIG) recently shed light on the mechanics of this breach, revealing that Song and his co-conspirators conducted extensive research on their targets to pose as friends or colleagues. By masquerading as U.S.-based engineers and researchers, the threat actors gained the trust of victims, eventually convincing them to email proprietary software and source code used for aerospace design and weapons development.
A Wide-Ranging Net: Targeting Government and Academia
The campaign was not limited to NASA. According to the U.S. Department of Justice (DoJ), the phishing scheme stretched from January 2017 to December 2021 and targeted a broad spectrum of the U.S. defense and research sectors.
Affected organizations included:
- Federal Agencies: NASA, the U.S. Air Force, Navy, Army, and the Federal Aviation Administration (FAA).
- Private Sector: Various private aerospace and defense firms.
- Academia: Dozens of professors and researchers at major U.S. universities.
The FBI has warned that the specialized software obtained through these fraudulent means has significant military applications, specifically for the development of advanced tactical missiles and aerodynamic assessments of weapons systems.
Red Flags and Export Control Violations
The OIG highlighted that while the phishing attempts were sophisticated, there were clues that could have exposed the scheme. In Song's case, he repeatedly asked the same victims for the same software and never supplied a technical justification for why he needed it, a pattern that should have prompted an identity check before anything was sent.
Furthermore, the OIG identified common indicators of export fraud schemes that organizations should monitor:
- Unusual Payment Methods: Requests for suspicious wire transfers.
- Abrupt Changes: Sudden shifts in the terms or sources of payment.
- Obfuscation: Using unconventional transfer methods to mask identities or evade shipping restrictions.
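The repeat-request indicator above, together with the identity checks the OIG says were missing, can be turned into a simple triage pass over a request log. The following is an added example written for this page, not code from NASA, the OIG or the DoJ. The log layout, the trusted-domain list, the known-collaborator directory and every request entry are constructed for illustration; in practice the directory would come from an HR or IdP export and the log from the mail gateway.

```python
"""Triage of software-sharing requests for the red flags the OIG describes.

Added example, not part of the original article or any NASA/OIG tooling.
Field names, trusted domains, the collaborator directory and the request
entries below are assumptions made for illustration.
"""
from collections import Counter

# Assumed: domains a legitimate collaborator's address is expected to use.
TRUSTED_DOMAINS = {"nasa.gov", "af.mil", "navy.mil", "army.mil", "faa.gov"}

# Assumed directory: display name -> the address that person really uses.
KNOWN_PEOPLE = {
    "Dana Whitfield": "dana.whitfield@nasa.gov",
    "Raj Patel": "raj.patel@af.mil",
}

# Constructed sample log: (date, display name, from-address, reply-to,
# requested software, free-text technical justification).
REQUESTS = [
    ("2019-03-02", "Dana Whitfield", "dana.whitfield@nasa.gov", None,
     "aerothermal-solver", "porting the mesh module to our cluster"),
    ("2019-03-05", "Raj Patel", "raj.patel@af.mil", None,
     "aerothermal-solver", ""),
    ("2019-03-11", "Raj Patel", "raj.patel@af.mil", None,
     "aerothermal-solver", ""),
    ("2019-04-20", "Raj Patel", "raj.patel@af.mil",
     "r.patel@mail-af.mil.example", "missile-aero-toolkit", ""),
    ("2019-05-01", "Dana Whitfield", "dana.whitfield@nasa-gov.example", None,
     "missile-aero-toolkit", "need the latest build"),
]


def domain_of(addr):
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rsplit("@", 1)[-1].lower()


def identity_flags(display_name, from_addr, reply_to):
    """Flags for the 'is this really my colleague?' question."""
    flags = []
    # Lookalike or unknown domain: the name is familiar, the domain is not.
    if domain_of(from_addr) not in TRUSTED_DOMAINS:
        flags.append("untrusted-domain")
    # A known display name arriving from an address other than the one on file.
    expected = KNOWN_PEOPLE.get(display_name)
    if expected and expected.lower() != from_addr.lower():
        flags.append("display-name-mismatch")
    # Replies silently redirected to a different domain than the sender's.
    if reply_to and domain_of(reply_to) != domain_of(from_addr):
        flags.append("reply-to-mismatch")
    return flags


def triage(requests):
    """Return [(date, from_addr, software, flags)] for every flagged request.

    'repeat-request' fires on the second and later request for the same
    software from the same address; 'no-justification' fires when the
    requester gives no technical reason. Both together is the pattern the
    OIG singled out in Song's case.
    """
    seen = Counter()
    findings = []
    for date, name, addr, reply_to, software, justification in requests:
        key = (addr.lower(), software)
        seen[key] += 1
        flags = identity_flags(name, addr, reply_to)
        if not justification.strip():
            flags.append("no-justification")
        if seen[key] > 1:
            flags.append("repeat-request")
        if flags:
            findings.append((date, addr, software, flags))
    return findings


if __name__ == "__main__":
    for date, addr, software, flags in triage(REQUESTS):
        print(date, addr, software, ", ".join(flags))
```

Every flagged request should be held for human verification through a channel the requester did not choose, such as a phone number already on file, before any export-controlled software leaves the organization. The lookalike domain and reply-to mismatch checks catch the masquerade described above; the repeat-request check catches the behavioral clue the OIG said was visible at the time.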
Legal Actions and Current Status
In September 2024, the DoJ announced an indictment against Song Wu. He faces 14 counts of wire fraud, which carry a maximum sentence of 20 years per count, and 14 counts of aggravated identity theft, which carry a two-year consecutive sentence.
Despite the legal charges, Song Wu remains at large. He has been added to the FBI's Most Wanted List as the U.S. continues to investigate the full extent of the data exfiltrated during the nearly five-year operation.
Conclusion
The breach at NASA serves as a stark reminder of the persistent threat posed by state-sponsored social engineering. By leveraging the collaborative norms of the scientific community, threat actors can bypass technical defenses entirely: no malware or exploit was needed, only a convincing request from a familiar name. This case underscores the necessity of verifying identities through an independent channel, and of demanding a documented technical justification, before sharing sensitive or export-controlled software, even when the request appears to come from a trusted colleague.
Source: The Hacker News - NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software