Three Chinese nationals indicted Monday are part of an APT group, Gothic Panda, that targets aerospace, defense, energy, technology, NGOs and the like.
Three Chinese nationals indicted Monday are part of an APT group, Gothic Panda, that targets aerospace, defense, energy, technology, NGOs and the like.

Three Chinese nationals indicted for computer hacking, identity theft, conspiracy and lifting trade secrets worked for a security company, Guangzhou Bo Yu Information Technology Company (Boyusec), that is likely a front for cyberespionage activities.

“Once again, the Justice Department and the FBI have demonstrated that hackers around the world who are seeking to steal our companies' most sensitive and valuable information can and will be exposed and held accountable,” said Acting Assistant Attorney General for National Security Dana J. Boente.  “The Justice Department is committed to pursuing the arrest and prosecution of these hackers, no matter how long it takes, and we have a long memory.”

The trio, Wu Yingzhuo, Dong Hao and Xia Lei, worked together to hack corporations and steal sensitive documents and communications, according to a Justice Department release.

“Defendants Wu, Dong and Xia launched coordinated and targeted cyber intrusions against businesses operating in the United States, including here in the Western District of Pennsylvania, in order to steal confidential business information,” said Soo C. Song, Acting U.S. Attorney for the Western District of Pennsylvania.  “These conspirators masked their criminal conspiracy by exploiting unwitting computers, called ‘hop points,' conducting ‘spearphish' email campaigns to gain unauthorized access to corporate computers, and deploying malicious code to infiltrate the victim computer networks.”

The indictment that was unsealed Monday said the three targeted and stole information from Moody's Analytics, Siemens AG and Trimble, Inc. that included hundreds of gigabytes of data on a variety of sectors from housing finance, construction and energy to technology, transportation and agriculture.

They “exploited vulnerabilities in computer systems or used malware, or malicious code to obtain and maintain unauthorized access into computers” to steal the information.

“Much of the activity within the indictment dates back sometime, and the group known as APT3 were outed earlier this year by independent researchers as Boyusec,” said AlienVault Threat Engineer Chris Doman. “There were reports last year that much of their activity had moved to focus on domestic targeting against residents of Hong Kong recently. Historically, they targeted a number of western defence contractors and aerospace companies.”

CrowdStrike said that the group, which it has tracked as Gothic Panda and whose activities go back to 2007, “are one of the most technically advanced state-affiliated actors in China” whose previous targets have been in aerospace, defense, energy, technology, NGOs and the like, “that are primarily aligned with China's economic objectives.”

The security firm “has observed an uptick in activity by this group since 2016.”

Doman said that it wasn't “a surprise this indictment comes from the FBI's Pittsburgh office - they have been very aggressive at going after cybercriminals.”

FBI Special Agent in Charge of the Pittsburgh Division Robert Johnson said that catching international hackers requires collaboration. “In order to effectively address the cyber threat, a threat that respects no boundaries and continues to grow in both its scope and complexity, law enforcement must come together and transcend borders to target criminal actors no matter where they are in the world,” he said.