The US is accusing two Chinese intelligence officers of orchestrating the hacking of various American companies to steal trade secrets pertaining to aircraft engine designs.
On Tuesday, the US Justice Department unsealed an indictment against ten Chinese suspects over the conspiracy, which occurred between at least Jan. 2010 and May 2015. Two of the people named in the indictment, Zha Rong and Chai Meng, work under China's foreign intelligence arm, the Ministry of State Security, federal investigators claim.
Allegedly, the two officers led a team of five Chinese hackers that was focused on stealing technology dealing with a turbofan engine used by US and European commercial airliners. To steal the intellectual property, the hackers relied on spreading malware to take over the IT systems from companies specializing in aerospace and technology.
The indictment specifically claims the hackers used both the Sakula and IsSpace Windows-based Trojans to attack their targets. To plant the malware, the team relied on spear phishing emails and "watering hole" attacks, in which official company websites are compromised to secretly deliver malware to visitors' computers.
According to federal investigators, the first attack occurred when the hackers breached a Los Angeles-based gas turbine manufacturer named Capstone Turbine. The goal was to rig the manufacturer's official website to deliver malware.
The hackers also infiltrated an unnamed San Diego-based technology company, and managed to access about 40 computer systems in an effort to steal data and plant more malware. Other intrusions occured at aerospace companies based in Arizona, Massachusetts and Oregon.
On top of all this, the Chinese intelligence officers recruited two employees at a French aerospace manufacturer to secretly plant malware within their company's computer systems. Both employees worked at the manufacturer's office in Suzhou, China and eventually planted the Sakula malware on a company laptop through a USB stick.
Federal investigators claim the conspiracy was tied to a Chinese state-owned aerospace company that was also working on its own turbofan engine. To hide their activities, the hackers bought servers across the world, including in the US, and forwarded their internet traffic through them. One member of the hacking group also brought in another Chinese national to conduct intrusions on the San Diego-based tech company for their own criminal ends.
Tuesday's indictment is the latest attempt by the US to name and shame China over its alleged attempts to steal trade secrets from American companies. Earlier this month, Justice Department managed to even extradite an accused Chinese government spy from Belgium to the US on charges that he stole trade secrets from aviation firms.
"This is just the beginning," said John Demers, assistant attorney general for national security, in a statement. "Together with our federal partners, we will redouble our efforts to safeguard America's ingenuity and investment."
So far, China hasn't commented on the charges. But it's unlikely that the country will willingly extradite any of the suspects named in the indictment.