Vulnerability Management

Chinese intelligence agents indicted for hacking U.S., French jet engine companies

A team of Chinese intelligence agents and their cybercriminal minions were indicted by the Department of Justice for hacking into a U.S. and French company that were jointly developing a new turbofan engine for use on commercial airliners.

Chinese intelligence agents indicted for stealing jet engine plans.

The intrusions took place between 2011 and 2015 and affected a wide variety of companies in addition to the two engine manufacturers.

The Department of Justice has charge Zha Rong and Chai Meng, who worked for Jiangsu Province Ministry of State Security – the provincial foreign intelligence arm of the People’s Republic of China’s Ministry of State Security, as heading a group that consisted of Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi. The DoJ stated the group recruited Gu Gen and Tian Xi as insider agents as they worked for the French company at their offices in Suzhou, Jiangsu province, China.

The industrial espionage operation used a variety of techniques to obtain data such as spear phishing, inserting a variety of malware types into company computer systems, using the victim companies’ own websites as “watering holes” to compromise website visitors’ computers and domain hijacking through the compromise of domain registrars.

The first penetration took place in January 2010 the group infiltrated the Los Angeles-based Capstone Turbine and used its website as a watering hole a similar move was made against an unnamed San Diego-based company from 2012 to 2015.

The two inside agents were used to place malware into the French company’s computer in January 2014, but this was discovered one month later and the insiders tried to remove the malware to hide the attack.

"It’s also interesting to see that the Chinese Ministry of State Security (MSS) have combined human intelligence and cyber espionage together, which shows that the infection vector doesn’t always need to be virtual – it can also be physical," said Sean Sullivan, F-Secure's security advisor.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.