WASHINGTON ― Three Chinese nationals are accused of conspiring to hack into U.S. and foreign based private corporate entities to steal their trade secrets.
Wu Yingzhou, Dong Hao and Xia Lei of the Chinese-based internet security company Bo Yo Information Technology Company Limited (Boyusec) were indicted on computer hacking charges against Moody’s Analytics, Siemens and Trimble, Inc.
“These conspirators masked their criminal conspiracy by exploiting unwitting computers, called ‘hop points,’ conducting ‘spearphish’ email campaigns to gain unauthorized access to corporate computers and deploying malicious code to infiltrate the victim computer networks,” Western District of Pennsylvania acting U.S. Attorney Soo C. Song stated.
Beginning around 2011 and continuing up to May 2017, the conspirators allegedly attempted to search and steal confidential business and commercial information from their targets, including usernames and passwords. Once a recipient opened the conspirators’ spearphishing email, malware known as “ups” and “exeproxy” would be installed on their harddrive, thus allowing the conspirators persistent access to the infected computer.
For example, between 2015 and 2016, Wu had supposedly stolen files from Trimble containing important trade secrets related to a type of global navigation satellite systems technology the company was creating. The 275 megabytes of data include info that would have helped a Trimble competitor create a similar product without the millions of dollars in research and development investments.
Wu and Dong in particular were both founding members and equity shareholders of Boyusec while Xia was an employee. The three face maximum penalties of 42 years should they be found guilty on all counts.