Chinese national accused by US of NASA and military spear-phishing campaign

Song Wu allegedly stole source code and proprietary software

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The US Department of Justice (DoJ) accused a Chinese national, named Song Wu, of stealing sensitive information and proprietary software from NASA and other high-profile government and private organizations in the United States.

In apress releasepublished on the DoJ website, the organization noted Wu was working at the Aviation Industry Corporation of China (AVIC) as an engineer. AVIC is the country’s aerospace and defense conglomerate.

While employed at AVIC, between 2017 and 2021, he was sending phishingemailsto people working at NASA, the Air Force, Navy, and Army, the Federal Aviation Administration, as well as people working at universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio.

Successful phishing

In these emails, he was impersonating other people working at these organizations, casually asking for things such as source code, proprietary software, and similar. The software is used in aerospace engineering, missile and weapons development, and more.

One of the emails, showcased in the indictment, read: “Hi [Victim 2], I sent Stephen an email for a copy of NASCART-GT code, but got no response right now. He must be too busy. Will you help and sent (sic) it to me?”

NASCART-GT, short for Numerical Aerodynamics Simulation via CARTesian Grid Techniques, is a computational fluid dynamics (CFD) solver developed at Georgia Tech. It simulates complex aerodynamics, including supersonic and hypersonic flows, for various aerospace applications.

Apparently, the strategy worked, as at least some people ended up giving Wu what he needed. The DoJ does not say what was stolen:

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“In some instances, the targeted victim, believing that defendant SONG … was a colleague, associate, or friend requesting the source code or software electronically transmitted the requested source code or software to defendant Song.”

Wu, 39, is now facing 14 counts of wire fraud, and 14 counts of aggravated identity theft. He remains at large, and if arrested, could face up to 20 years in prison for each count of wire fraud, and two years for each count of aggravatedidentity theft,The Registerreports.

ViaThe Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Quordle today – hints and answers for Saturday, November 9 (game #1020)