New FBI case reveals Chinese aerospace engineer Song Wu conducted a 4-year espionage campaign targeting NASA, US military, and academia via social engineering. Charged with wire fraud and aggravated identity theft for stealing export-controlled aerospace IP.

In brief - A low-tech but highly effective spear-phishing operation by a state-linked actor evaded detection for years, exposing gaps in procedural security and identity verification. The case signals evolving threats from AI-driven deepfakes in social engineering.

Technically - Wu impersonated legitimate researchers using fraudulent Gmail accounts to solicit proprietary computational fluid dynamics and missile performance software. Detection occurred via a tip, not technical controls, underscoring reliance on human reporting. The campaign exploited trust in academic/researcher networks, bypassing technical defenses. Emerging deepfake threats could amplify such attacks, necessitating stronger verification and cross-agency collaboration.

Source: https://www.malwarebytes.com/blog/news/2026/04/chinese-engineer-stole-us-military-and-nasa-software-for-years

#Cybersecurity #ThreatIntel