(malwarebytes.com) Chinese Aerospace Engineer Exploits Social Engineering in Four-Year Espionage Campaign Targeting US Research and Defense
New FBI case reveals Chinese aerospace engineer Song Wu conducted a 4-year espionage campaign targeting NASA, US military, and academia via social engineering. Charged with wire fraud and aggravated identity theft for stealing export-controlled aerospace IP.
In brief - A low-tech but highly effective spear-phishing operation by a state-linked actor evaded detection for years, exposing gaps in procedural security and identity verification. The case signals evolving threats from AI-driven deepfakes in social engineering.
Technically - Wu impersonated legitimate researchers using fraudulent Gmail accounts to solicit proprietary computational fluid dynamics and missile performance software. Detection occurred via a tip, not technical controls, underscoring reliance on human reporting. The campaign exploited trust in academic/researcher networks, bypassing technical defenses. Emerging deepfake threats could amplify such attacks, necessitating stronger verification and cross-agency collaboration.