Major Corporate Hacks Tied to Chinese ‘Security’ Firm

(CN) – A federal grand jury indicted three Chinese nationals Monday on charges that they stole trade secrets from the software developer Trimble Inc., as well as proprietary data from Siemens AG and Moody’s Analytics.

Based in Sunnyvale, California, Trimble sells GPS and satellite technology to partners in various industries such as construction, land survey and agriculture.

New York-based Moody’s meanwhile uses its expertise in credit analysis and economic research to manage risk, and the German manufacturer Siemens has footholds in a number of fields from health care and energy management to financial services and transportation.

Prosecutors say Wu Yingzhuo, Dong Hao and Xia Lei hold themselves out as employees of a purported internet-security firm in China called Boyusec, short for the Guangzhou Bo Yu Information Technology Company.

In an indictment unsealed Monday in Pennsylvania’s Western District, the trio are accused of gaining unauthorized access to Siemens, Moody’s and Trimble’s computers between 2011 and May 2017.

The intrusions allegedly occurred when an employee of one of the targeted entities opened a malicious attachment or malware link from a spearphishing email.

This facilitated “unauthorized, persistent access to the recipient’s computer,” which the co-conspirators used to install malware that they referred to as “ups” and “exeproxy,” according to the indictment.

In addition to stealing usernames and passwords, the trio acquired other sensitive employee information, work product, and confidential business and commercial data, according to the indictment.

The trio are accused of compromising hundreds of gigabytes of data related to various sectors including energy, technology, transportation, construction and agriculture, as well as land survey and housing finance.

Prosecutors say the co-conspirators concealed their activities, location and Boyusec affiliation by using aliases in registering online accounts, intermediary computer servers known as “hop points,” and valid credentials stolen from victim systems.

Yingzhuo is known by the aliases “mxmtmw,” “Christ Wu” and “wyz.” Hao is also known as “Bu Yi,” “Dong Shi Ye” and “Tianyu,” and Lei is also known as “Sui Feng Yan Mie.”

All three are residents of Guangzhou, China.

Prosecutors say Wu and Dong founded Boyusec and are equity shareholders. Dong additionally held the title of executive director and manager, while Xia was a Boyusec employee.

They are charged with eight counts of computer hacking, theft of trade secrets, conspiracy and identity theft.
