Three Chinese nationals are facing U.S. charges of stealing information from U.S.-based companies, including Siemens and accessing a high-profile email account at Moody’s.
Wu Yingzhuo, Dong Hao and Xia Lei, who the Department of Justice (DoJ) said are residents of China, ended up indicted by a grand jury for a series of cyber-attacks against three corporate victims in the financial, engineering and technology industries between 2011 and May 2017.
Moody’s Analytics, Siemens, and GPS technology firm Trimble were victims in the attacks, law enforcement officials said.
The suspects work for Guangzhou Bo Yu Information Technology Company Limited, a firm that said it is a China-based Internet security firm also known as “Boyusec,” FBI officials said.
“Defendants Wu, Dong and Xia launched coordinated and targeted cyber intrusions against businesses operating in the United States, including here in the Western District of Pennsylvania, in order to steal confidential business information,” said Acting U.S. Attorney Soo C. Song. “These conspirators masked their criminal conspiracy by exploiting unwitting computers, called ‘hop points,’ conducting ‘spearphish’ email campaigns to gain unauthorized access to corporate computers, and deploying malicious code to infiltrate the victim computer networks.”
Wu’s conduct in the indictment includes an attack on Trimble in 2015 and 2016. Trimble was developing a Global Navigation Satellite Systems technology designed to improve the accuracy of location data on mobile devices, DoJ officials said. In January 2016, while this project was in development, Wu accessed Trimble’s network and stole files containing commercial business documents and data pertaining to the technology, including Trimble trade secrets. In total, between December 2015 and March 2016, Wu and the other co-conspirators stole at least 275 megabytes of data, including compressed data, which included hundreds of files that would have assisted a Trimble competitor in developing, providing and marketing a similar product without incurring millions of dollars in research and development costs, officials said.
Dong is accused of accessing Siemens’s computer networks in 2014 for the purpose of obtaining and using employees’ usernames and passwords in order to access Siemens’ network. In 2015, the co-conspirators stole approximately 407 gigabytes of proprietary commercial data pertaining to Siemens’s energy, technology and transportation businesses, DoJ said.
In or around 2011, the co-conspirators accessed the internal email server of Moody’s Analytics and placed a forwarding rule in the email account of a prominent employee. The rule directed all emails to and from the employee’s account to be forwarded to web-based email accounts controlled by the conspirators. In 2013 and 2014, Xia regularly accessed those web-based email accounts to access the employee’s stolen emails, which contained proprietary and confidential economic analyses, findings and opinions, DoJ said.
According to the indictment, the suspects:
• Stole 407 gigabytes of proprietary commercial data pertaining to Siemens’s energy, technology and transportation businesses.
• Accessed the internal email server of Moody’s Analytics and placed a forwarding rule in the email account of a prominent employee, and set it to forward all emails to and from the account to web-based email accounts controlled by the attackers.
• Stole at least 275 megabytes of data, including compressed data, which included hundreds of files that would have assisted a Trimble competitor in developing, providing and marketing a similar product without incurring millions of dollars in research and development costs.
“The primary goal of the co-conspirators’ unauthorized access to victim computers was to search for, identify, copy, package, and steal data from those computers, including confidential business and commercial information, work product, and sensitive victim employee information, such as usernames and passwords that could be used to extend unauthorized access within the victim systems,” the DoJ said. “For the three victim entities listed in the Indictment, such information included hundreds of gigabytes of data regarding the housing finance, energy, technology, transportation, construction, land survey, and agricultural sectors.”