Security Experts:

Connect with us

Hi, what are you looking for?



U.S. Accuses China of Hacking Aerospace, Tech Companies

Chinese intelligence officers recruited hackers and insiders to help them steal sensitive information from aerospace and technology companies, the U.S. Department of Justice said on Tuesday.

Chinese intelligence officers recruited hackers and insiders to help them steal sensitive information from aerospace and technology companies, the U.S. Department of Justice said on Tuesday.

An indictment unsealed this week charges ten Chinese nationals over their role in the scheme, including two spies, six hackers and two insiders.

According to U.S. authorities, the operation was coordinated by Zha Rong and Chai Meng, intelligence officers working for the Jiangsu Province Ministry of State Security (JSSD) in the Chinese city of Nanjing. The JSSD is a foreign intelligence arm of China’s Ministry of State Security (MSS), which is responsible for non-military foreign intelligence, domestic counterintelligence, and political and domestic security.

Zha Rong and Chai Meng are said to have recruited five hackers, including Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi, to steal information on a turbofan engine used in commercial airliners in Europe and the United States.

The targeted jet engine was being developed by a French aerospace company, which also had offices in China’s Jiangsu province, in cooperation with a U.S.-based firm.

The hackers targeted the French company via phishing, watering hole attacks, and domain hijacking, but they were also assisted by at least two individuals working at the firm’s Chinese office. Tian Xi allegedly planted a piece of malware received from a JSSD officer on the organization’s computers and Gu Gen, who had been working as the head of IT and security, tipped off the Chinese agency when foreign law enforcement discovered the malware.

In addition to the French aerospace manufacturer, the hackers targeted companies that built parts of the jet engine, including ones based on Massachusetts, Oregon and Arizona. Authorities pointed out that at the time of the attacks, which spanned from at least January 2010 to May 2015, an aerospace company owned by the Chinese government had also been working on a similar engine.

One of the alleged hackers, Zhang Zhang-Gui, has also been accused of working with an individual named Li Xiao as part of a separate hacking operation conducted “for their own criminal ends.” The Justice Department said one of the victims of this attack was a tech company in San Diego from which the hackers attempted to steal commercial information and use its website for a watering hole attack.

The first cyberattack known to U.S. authorities targeted Los Angeles-based Capstone Turbine. The attackers attempted to steal data from the company and use its website as a watering hole.

This is the third round of charges brought against JSSD spies since September. One JSSD officer was extradited to the United States for attempting to steal trade secrets related to jet engines and a U.S. Army recruit was indicted in September for working with a JSSD intelligence officer. None of the individuals targeted in the newly unsealed indictment are in U.S. custody.

“State-sponsored hacking is a direct threat to our national security. This action is yet another example of criminal efforts by the MSS to facilitate the theft of private data for China’s commercial gain,” said U.S. Attorney Adam Braverman. “The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products.”

Related: Chinese Traders Charged With Trading on Information Stolen from Hacked Law Firms

Related: Chinese National Charged With U.S. Hacking

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.


Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.