They pilfered turbofan engine tech used in commercial airliners

Oct 30, 2018 19:39 GMT

Collective charges against ten Chinese nationals were unsealed on October 30 by the U.S. Department of Justice, accusing them of "repeated intrusions into private companies’ computer systems in the United States and abroad for over five years."

Zha Rong and Chai Meng are allegedly intelligence officers for the Jiangsu Province Ministry of State Security (JSSD), the foreign intelligence arm of the People’s Republic of China’s Ministry of State Security (MSS).

According to the DoJ's press release, the MSS is the organization responsible "for domestic counter-intelligence, non-military foreign intelligence, and aspects of political and domestic security."

As stated in the unsealed charges, the JSSD intelligence officers and a team of hired hackers, including Zhang Zhang-Gui, Liu Chunliang, Ma Zhiqi, Gao Hong Kun, and Zhuang Xiaowei, were working on stealing the tech behind a turbofan engine used in U.S. and European commercial airliners.

The members of the Chinese intelligence group, helped by the insiders Gu Gen and Tian Xi, were able to hack a French aerospace manufacturer that was working on the development of the turbofan engine, as well as aerospace companies in Arizona, Massachusetts, and Oregon that were also involved in the development of the tech they were targeting.

The ten Chinese nationals are also suspected of being members of the APT15 or APT27 threat groups

"The hackers used a range of techniques, including spear phishing, sowing multiple different strains of malware into company computer systems, using the victim companies’ own websites as “watering holes” to compromise website visitors’ computers, and domain hijacking through the compromise of domain registrars," according to the DoJ press release.

"State-sponsored hacking is a direct threat to our national security," said U.S. Attorney Adam Braverman. "This action is yet another example of criminal efforts by the MSS to facilitate the theft of private data for China’s commercial gain."

According to some security researchers, the group of Chinese nationals matches previously discovered and tracked APT groups APT15 (Vixen Panda, Ke3chang, Royal APT or Playful Dragon) and APT27 (Threat Group-3390 or Emissary Panda), both of them believed to be affiliated with the Chinese government.

It is not yet known whether they are behind one group or the other, or whether they are members of both, especially given that APT groups are known to share skills, methods, and group members.