POST Online Media Lite Edition



 

Chinese intelligence conspired to steal sensitive aviation and technological data for years

Staff Writer |
Chinese intelligence officers and those working under their direction, which included hackers and co-opted company insiders, conducted or otherwise enabled repeated intrusions into private companies’ computer systems in the United States and abroad for over five years.<br><br>rnThe conspirators’ ultimate goal was to steal, among other data, intellectual property and confidential business information, including information related to a turbofan engine used in commercial airliners.<br><br>rnThe charged intelligence officers, Zha Rong and Chai Meng, and other co-conspirators, worked for the Jiangsu Province Ministry of State Security (“JSSD”), headquartered in Nanjing, which is a provincial foreign intelligence arm of the People’s Republic of China’s Ministry of State Security (“MSS”).<br><br>rnThe MSS, and by extension the JSSD, is primarily responsible for domestic counter-intelligence, non-military foreign intelligence, and aspects of political and domestic security.<br><br>rnFrom at least January 2010 to May 2015, JSSD intelligence officers and their team of hackers, including Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi, focused on the theft of technology underlying a turbofan engine used in U.S. and European commercial airliners.<br><br>rnThis engine was being developed through a partnership between a French aerospace manufacturer with an office in Suzhou, Jiangsu province, China, and a company based in the United States.<br><br>rnMembers of the conspiracy, assisted and enabled by JSSD-recruited insiders Gu Gen and Tian Xi, hacked the French aerospace manufacturer.<br><br>rnThe hackers also conducted intrusions into other companies that manufactured parts for the turbofan jet engine, including aerospace companies based in Arizona, Massachusetts and Oregon.<br><br>rnAt the time of the intrusions, a Chinese state-owned aerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in China and elsewhere.<br><br>rnDefendant Zhang Zhang-Gui is also charged, along with Chinese national Li Xiao, in a separate hacking conspiracy, which asserts that Zhang Zhang-Gui and Li Xiao leveraged the JSSD-directed conspiracy’s intrusions, including the hack of a San Diego-based technology company, for their own criminal ends.<br><br>rn“For the third time since only September, the National Security Division, with its US Attorney partners, has brought charges against Chinese intelligence officers from the JSSD and those working at their direction and control for stealing American intellectual property,” said John C. Demers, Assistant Attorney General for National Security.<br><br>rn“This is just the beginning.<br><br>rnTogether with our federal partners, we will redouble our efforts to safeguard America’s ingenuity and investment.”<br><br>rn“State-sponsored hacking is a direct threat to our national security.<br><br>rnThis action is yet another example of criminal efforts by the MSS to facilitate the theft of private data for China’s commercial gain,” said U.S.<br><br>rnAttorney Adam Braverman.<br><br>rn“The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products.”<br><br>rn“The threat posed by Chinese government-sponsored hacking activity is real and relentless,” said John Brown, FBI Special Agent in Charge of the San Diego Field Office.<br><br>rn“Today, the Federal Bureau of Investigation, with the assistance of our private sector, international and U.S.<br><br>rngovernment partners, is sending a strong message to the Chinese government and other foreign governments involved in hacking activities.<br><br>rnWe are working together to vigorously investigate and hold hackers accountable regardless of their attempts to hide their illicit activities and identities.”<br><br>rnOn October 10, the Department of Justice announced that a JSSD intelligence officer was extradited to the Southern District of Ohio, on charges that he attempted to steal trade secrets related to jet aircraft engines, and in September, in the Northern District of Illinois, a grand jury indicted a U.S.<br><br>rnArmy recruit who is accused of working as an agent of a JSSD intelligence officer, without notification to the Attorney General.rnrnAs the indictment in the Southern District of California describes in detail, China’s JSSD intelligence officers and hackers working at their direction masterminded a series of intrusions in order to facilitate intrusions and steal non-public commercial and other data.<br><br>rnThe hackers used a range of techniques, including spear phishing, sowing multiple different strains of malware into company computer systems, using the victim companies’ own websites as “watering holes” to compromise website visitors’ computers, and domain hijacking through the compromise of domain registrars.<br><br>rnThe first alleged hack began no later January 8, 2010, when members of the conspiracy infiltrated Capstone Turbine, a Los-Angeles-based gas turbine manufacturer, in order to steal data and use the Capstone Turbine website as a “watering hole.”<br><br>rnChina’s intelligence service also sought, repeatedly, to hack into a San Diego-based technology company from at least August 7, 2012 through January 15, 2014, in order to similarly steal commercial information and use its website as a “watering hole.”<br><br>rnChinese actors used not only hacking methods to conduct computer intrusions and steal commercial information, they also coopted victim company employees.<br><br>rnFrom at least November 2013 through February 2014, two Chinese nationals working at the direction of the JSSD, Tian Xi and Gu Gen, were employed in the French aerospace company’s Suzhou office.<br><br>rnOn January 25, 2014, after receiving malware from an identified JSSD officer acting as his handler, Tian infected one of the French company’s computers with malware at the JSSD officer’s direction.<br><br>rnOne month later, on February 26, 2014, Gu, the French company’s head of Information Technology and Security in Suzhou, warned the conspirators when foreign law enforcement notified the company of the existence of malware on company systems.<br><br>rnThat same day, leveraging that tip-off, conspirators Chai Meng and Liu Chunliang tried to minimize JSSD’s exposure by causing the deletion of the domain linking the malware to an account controlled by members of the conspiracy.<br><br>rnThe group’s hacking attempts continued through at least May of 2015, when an Oregon-based company, which, like many of the other targeted companies, built parts for the turbofan jet engine used in commercial airliners, identified and removed the conspiracy’s malware from its computer systems.<br><br>rnCount Two of the indictment charges a separate conspiracy to hack computers in which Zhang Zhang-Gui, a defendant charged in Count One, supplied his co-defendant and friend, Li Xiao, with variants of the malware that had been developed and deployed by hackers working at the direction of the JSSD on the hack into Capstone Turbine.<br><br>rnUsing malware supplied by Zhang, as well as other malware, Li launched repeated intrusions that targeted a San Diego-based computer technology company for more than a year and a half.<br><br>rnThese intrusions caused thousands of dollars of damage to protected computers.<br><br>rnCount Three of the indictment charges Zhang Zhang-Gui with the substantive offense of computer hacking a San Diego technology company, which was one of the targets of the conspiracies alleged in Counts One and Two.<br><br>rnThe charges contained in the indictment are merely accusations, and the defendants are presumed innocent unless and until proven guilty.<br><br>rnThe FBI, led by the San Diego Field Office, conducted the investigation that resulted in charges announced today.<br><br>rnThis case is being prosecuted by Alexandra Foster and Sabrina Fève of the United States Attorney’s Office for the Southern District of California and Jason McCullough of the National Security Division’s Counterintelligence and Export Control Section.<br><br>rnThe Criminal Division’s Office of International Affairs also provided assistance in this matter, and the Department appreciates the cooperation and assistance provided by France’s General Directorate for Internal Security (DGSI) and the

Article continues below




ttp://www.histerius.com/hs0818/officials.jpg" class="slikadesno" alt="officials" title="officials">Chinese intelligence officers and those working under their direction, which included hackers and co-opted company insiders, conducted or otherwise enabled repeated intrusions into private companies’ computer systems in the United States and abroad for over five years.

The conspirators’ ultimate goal was to steal, among other data, intellectual property and confidential business information, including information related to a turbofan engine used in commercial airliners.

The charged intelligence officers, Zha Rong and Chai Meng, and other co-conspirators, worked for the Jiangsu Province Ministry of State Security (“JSSD”), headquartered in Nanjing, which is a provincial foreign intelligence arm of the People’s Republic of China’s Ministry of State Security (“MSS”).

The MSS, and by extension the JSSD, is primarily responsible for domestic counter-intelligence, non-military foreign intelligence, and aspects of political and domestic security.

From at least January 2010 to May 2015, JSSD intelligence officers and their team of hackers, including Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi, focused on the theft of technology underlying a turbofan engine used in U.S. and European commercial airliners.

This engine was being developed through a partnership between a French aerospace manufacturer with an office in Suzhou, Jiangsu province, China, and a company based in the United States.

Members of the conspiracy, assisted and enabled by JSSD-recruited insiders Gu Gen and Tian Xi, hacked the French aerospace manufacturer.

The hackers also conducted intrusions into other companies that manufactured parts for the turbofan jet engine, including aerospace companies based in Arizona, Massachusetts and Oregon.

At the time of the intrusions, a Chinese state-owned aerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in China and elsewhere.

Defendant Zhang Zhang-Gui is also charged, along with Chinese national Li Xiao, in a separate hacking conspiracy, which asserts that Zhang Zhang-Gui and Li Xiao leveraged the JSSD-directed conspiracy’s intrusions, including the hack of a San Diego-based technology company, for their own criminal ends.

“For the third time since only September, the National Security Division, with its US Attorney partners, has brought charges against Chinese intelligence officers from the JSSD and those working at their direction and control for stealing American intellectual property,” said John C. Demers, Assistant Attorney General for National Security.

“This is just the beginning.

Together with our federal partners, we will redouble our efforts to safeguard America’s ingenuity and investment.”

“State-sponsored hacking is a direct threat to our national security.

This action is yet another example of criminal efforts by the MSS to facilitate the theft of private data for China’s commercial gain,” said U.S.

Attorney Adam Braverman.

“The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products.”

“The threat posed by Chinese government-sponsored hacking activity is real and relentless,” said John Brown, FBI Special Agent in Charge of the San Diego Field Office.

“Today, the Federal Bureau of Investigation, with the assistance of our private sector, international and U.S.

government partners, is sending a strong message to the Chinese government and other foreign governments involved in hacking activities.

We are working together to vigorously investigate and hold hackers accountable regardless of their attempts to hide their illicit activities and identities.”

On October 10, the Department of Justice announced that a JSSD intelligence officer was extradited to the Southern District of Ohio, on charges that he attempted to steal trade secrets related to jet aircraft engines, and in September, in the Northern District of Illinois, a grand jury indicted a U.S.

Army recruit who is accused of working as an agent of a JSSD intelligence officer, without notification to the Attorney General. As the indictment in the Southern District of California describes in detail, China’s JSSD intelligence officers and hackers working at their direction masterminded a series of intrusions in order to facilitate intrusions and steal non-public commercial and other data.

The hackers used a range of techniques, including spear phishing, sowing multiple different strains of malware into company computer systems, using the victim companies’ own websites as “watering holes” to compromise website visitors’ computers, and domain hijacking through the compromise of domain registrars.

The first alleged hack began no later January 8, 2010, when members of the conspiracy infiltrated Capstone Turbine, a Los-Angeles-based gas turbine manufacturer, in order to steal data and use the Capstone Turbine website as a “watering hole.”

China’s intelligence service also sought, repeatedly, to hack into a San Diego-based technology company from at least August 7, 2012 through January 15, 2014, in order to similarly steal commercial information and use its website as a “watering hole.”

Chinese actors used not only hacking methods to conduct computer intrusions and steal commercial information, they also coopted victim company employees.

From at least November 2013 through February 2014, two Chinese nationals working at the direction of the JSSD, Tian Xi and Gu Gen, were employed in the French aerospace company’s Suzhou office.

On January 25, 2014, after receiving malware from an identified JSSD officer acting as his handler, Tian infected one of the French company’s computers with malware at the JSSD officer’s direction.

One month later, on February 26, 2014, Gu, the French company’s head of Information Technology and Security in Suzhou, warned the conspirators when foreign law enforcement notified the company of the existence of malware on company systems.

That same day, leveraging that tip-off, conspirators Chai Meng and Liu Chunliang tried to minimize JSSD’s exposure by causing the deletion of the domain linking the malware to an account controlled by members of the conspiracy.

The group’s hacking attempts continued through at least May of 2015, when an Oregon-based company, which, like many of the other targeted companies, built parts for the turbofan jet engine used in commercial airliners, identified and removed the conspiracy’s malware from its computer systems.

Count Two of the indictment charges a separate conspiracy to hack computers in which Zhang Zhang-Gui, a defendant charged in Count One, supplied his co-defendant and friend, Li Xiao, with variants of the malware that had been developed and deployed by hackers working at the direction of the JSSD on the hack into Capstone Turbine.

Using malware supplied by Zhang, as well as other malware, Li launched repeated intrusions that targeted a San Diego-based computer technology company for more than a year and a half.

These intrusions caused thousands of dollars of damage to protected computers.

Count Three of the indictment charges Zhang Zhang-Gui with the substantive offense of computer hacking a San Diego technology company, which was one of the targets of the conspiracies alleged in Counts One and Two.

The charges contained in the indictment are merely accusations, and the defendants are presumed innocent unless and until proven guilty.

The FBI, led by the San Diego Field Office, conducted the investigation that resulted in charges announced today.

This case is being prosecuted by Alexandra Foster and Sabrina Fève of the United States Attorney’s Office for the Southern District of California and Jason McCullough of the National Security Division’s Counterintelligence and Export Control Section.

The Criminal Division’s Office of International Affairs also provided assistance in this matter, and the Department appreciates the cooperation and assistance provided by France’s General Directorate for Internal Security (DGSI) and the Cybercrime Section of the Paris Prosecutor’s Office during the investigation of this matter.


What to read next

Conspiring to export specialty metals to Iran
Chinese company Sinovel Wind Group convicted of theft of trade secrets
Executives charged with manipulating company’s accounting systems

Russia bans imports of sunflower, corn seeds from several companies in Chile, Turkey, Hungary, France

 
Russia's Federal Service for Veterinary and Phytosanitary Surveillance (Rosselkhoznadzor) has banned imports of sunflower seeds and corn seeds from Chile, Turkey, Hungary, and France.
 
 

Latest

Swiss automotive giant Feintool leaving Germany behind, relocates to Hungary
International Longshoremen’s Association continues its fight against job losses
TRA recommends new measures to protect UK excavator industry
Sri Lanka begins pilot program to sterilize monkeys to reduce crop damage

NEWS

Bulgaria, Romania to be full Schengen members starting January 1

U.S.: Below normal temperatures in south and east, west will experience above normal temperatures
UK: Sizewell A delivers groundbreaking turbine hall milestone
UnitedHealthcare CEO Brian Thompson assassinated in New York
U.S.: Arctic outbreak of cold air will expand, dangerously cold wind chills expected
Finland, Sweden complete repairs on Baltic Sea cables
 

BUSINESS

U.S. rigs increased nicely

New York: More than $15.5 million awarded through Office of Strategic Workforce Development
EU Commission, EIB to invest in European battery manufacturing
U.S. oil rigs continue decline
EU ports handled 3.4 billion tonnes of freight in 2023
U.S. oil rig count down by 1, Canadian up by 1
 

Trending Now

Australian farmers urged to sign up to farm fire fighting vehicle trial

AfDB disburses first tranche of $1bn loan to Transnet for recovery

Stellantis and CATL to invest up to €4.1 billion in JV for large-scale LFP battery plant in Spain

TRA recommends new measures to protect UK excavator industry


POLITICS

Under Secretary Fernandez travels to Brussels, Belgium

Lieutenant Governor Way to lead inaugural New Jersey-India commission trip to India
Commission approves €1.9 billion German State aid in favor of DB Cargo
Pakistan proposes Russia take part in oil and gas exploration on its shelf
Michigan Governor met with business leaders and foreign officials in Spain
Spain passes measures to protect workers amid climate emergency
 

Today We Recommend

Bulgaria, Romania to be full Schengen members starting January 1


Highlights 

Unite secures huge pay win for Qantas workers

Stellantis and CATL to invest up to €4.1 billion in JV for large-scale LFP battery plant in Spain

AfDB disburses first tranche of $1bn loan to Transnet for recovery


COMPANIES

Unite secures huge pay win for Qantas workers

Stellantis and CATL to invest up to €4.1 billion in JV for large-scale LFP battery plant in Spain
AfDB disburses first tranche of $1bn loan to Transnet for recovery
Amgen will expand in North Carolina, create 370 jobs
NexGen Cabinets selects North Carolina for East Coast operation
CELIA submarine cable connecting Caribbean to U.S.
 

CAREERS

Star Alliance elects Michael Rousseau as new chairperson

René van Boxtel new CEO of Tecair B.V
Pan-African legal group CLG appoints Leon Van der Merwe as partner
Stellantis board accepts Carlos Tavares’ resignation as CEO
Joe Depa named as EY global chief innovation officer
Comviva appoints chief strategy, technology and transformation officer
 

ECONOMY

Indonesia goes from $0.6 billion deficit to $5.9 billion surplus

Greece to repay $5.3 billion bailout debt early
Fraser Institute: Canada’s debt ranking falls from best in G7 to 7th worst
Kuwait reports $5.2 bln budget deficit in FY 2023-24
Eurozone reports modest Q1 GDP growth, stable annual inflation
Italy sees faster economic growth in Q1
 

EARNINGS

Ericsson Q2 sales down but North America up

Lockton revenue $3.55 billion
Motorcar Parts of America Q4 sales $189.5 million
Limoneira Q2 revenue $44.6 million
Lululemon athletica Q1 revenue increased 10% to $2.2 billion
PVH Q1 GAAP EBIT $205 million
 

OP-ED

Micromanaging is the worst enemy of efficiency and teamwork

Niger set to monetize massive gas reserves through Saharan natural gas pipeline
Putting the brakes on EV folly that choked the market
Oil discovery in Kavango Basin may mean huge benefits for Namibians
Cape Town and Dubai battle over Africa's energy future
Is America going to lose its superpower status?
 

AGRIFISH

Australian farmers urged to sign up to farm fire fighting vehicle trial

Maltese official hails bluefin tuna export to China
Brazil unveils investment plan to spur agro-industrial development
Government pays out £57 million to farmers affected by flooding
Canada confirms new case of Dermo disease in oysters
Bulgaria, Romania demand protective measures against Ukrainian honey imports
 

LEADERSHIP

Study: Missing a deadline has a bigger impact than you might think

Employers prefer younger job candidates for AI roles although experienced workers perform same or better
Study finds workers misjudge wage markets
Some organizations may need to expand their hierarchical structures earlier than others
Study finds there's right way and wrong way to deliver negative feedback in workplace
Allyship is critical and its needs appreciation
 

CRIME

Commission fines Pierre Cardin and its licensee Ahlers €5.7 million for restricting cross-border sales of clothing

BHP, Vale agree to pay $30B damages for Brazil dam disaster
Commission fines České dráhy and Österreichische Bundesbahnen €48.7 million over collusion to exclude common compe
SEC charges Keurig with making inaccurate statements regarding recyclability of K-Cup beverage pod
SEC charges John Deere with FCPA violations for subsidiary’s role in Thai bribery scheme
AG Bonta secures $3.9 million settlement with cryptocurrency company Robinhood
 

Magazine

TRAVEL

Radisson Hotel Group debuts in the heart of Tunisia’s capital city, Tunis

Morocco’s first Radisson branded hotel opens in Casablanca
Buna channels, an unreal and beautiful part of Bosnia and Herzegovina
JW Marriott unveils Mindful Haven with opening of JW Marriott Hotel Nairobi
Sotheby's Sports Week returns with fantastic artifacts
Red Roof properties open in Michigan
 

SEA, LAND, AIR

Citroën C3 Aircross, the most affordable compact SUV with 7 seats

2025 Chevrolet Equinox stands apart with fresh looks and capability
Hill Helicopters HX50, luxury in the sky
Opel Movano becomes fully equipped camper van
Porsche Panamera, new hybrid variants
Dodge Charger, 670 horsepower of electric
 

DESIGN

Cold night, hot fire pit, cool entertainment

Embellish your home with PVC panels
You'll have to hurry if you want one of 20 new Louis Vuitton watches
Luxury duvet looks good, fells good and keeps you healthy
Vacheron Constantin, watches for life and more
Schüller kitchens, where functionality marries design
 

GADGETS

MESA/Boogie Celebrates 40-year partnership with John Petrucci

reMarkable 2, monochrome tablet for your thoughts and your eyes
OnePlus Ace 3V, first with Snapdragon 7 Plus Gen 3
ASUS Zenfone 11 Ultra, flagship with a reason
Samsung Galaxy S24 is photography powerhouse
Casette tapes are making a big comeback, and so are portable players
 

HEALTH

Human cases of anthrax reported in western Mongolia

One more barrier to developing vaccine for HIV removed
Rwanda begins world's first clinical trial for treatment of Marburg virus disease
Rwanda restricts gatherings amid Marburg virus outbreak, to begin trials of vaccine
Teksas Attorney General reaches settlement in first-of-its-kind healthcare generative AI investigation
Potentially deadly fungal disease spreading in California
 

MEANTIME

World-first carbon-14 diamond battery made

Einstein Telescope step closer
Exoplanet-hunting telescope to begin search for another Earth in 2026
India to build first phase of its own space station by 2028
Roscosmos chief approves schedule of creating Russian orbital station through 2033
Potentially habitable 'exo-Venus' with Earth-like temperature discovered