The Justice Department has charged ten Chinese nationals — two of whom are intelligence officers — with hacking into and stealing intellectual property from a pair of unnamed US and French companies between January 2015 and at least May of 2015. The hackers were after a type of turbofan (portmanteau of turbine and fan), a large commercial airline engine, to either circumvent its own development costs or avoid having to buy it. According to the complaint by the Department of Justice, a Chinese aerospace manufacturer was simultaneously working on making a comparable engine. The hack affected unnamed aerospace companies located in Arizona, Massachusetts and Oregon.
The hackers used a combination of phishing schemes, malware, domain hijacking and the use of the company’s own website as a “watering hole,” stealing visitor information and infiltrating their computers. The malware installed on the French company’s Suzhou office was the Sakula malware, which was also used in the Anthem, OPM, and other attacks. The nickname of another hacker, Gao “mer4en7y” Hong Kun, has been linked to Winnti, a Chinese state-sponsored group known for IP theft operations, according to a 2013 report by Kaspersky.
The two Jiangsu Province Ministry of State Security (JSSD) officers are Tian Xi and Gu Gen. They allegedly worked together with six hackers and two insiders at the unnamed French aerospace manufacturer’s office in Suzhou, Jiangsu, China. As noted by Reuters, considering that Safran SA is France’s only turbofan engine maker, and has been working with General Electric, it’s likely that these are the two companies affected. The companies have been working on LEAP, a new engine used to power the largest type of airbuses. In the report, only Los Angeles-based Capstone Turbine was mentioned by name.
“State-sponsored hacking is a direct threat to our national security,” said U.S. Attorney Adam Braverman. “The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products.”
On October 10th, the Justice Department announced that JSSD officers had been extradited to the Southern District of Ohio on charges of stealing trade secrets. None of the suspects are in US custody.