Hacking was not state sponsored, say US prosecutors, who accuse three Chinese of trying to steal business secrets
Three people affiliated with a Chinese cybersecurity firm hacked into the networks of Siemens AG, Trimble Inc and Moody’s Analytics to steal business secrets, US prosecutors said on Monday.
An indictment unsealed in federal court in Pittsburgh, Pennsylvania, charged the three for launching “coordinated and unauthorised” cyberattacks with others between 2011 and this year.
The hackers monitored email correspondence of an unidentified Moody’s economist, stole data from transport, technology and energy units at Siemens, and targeted Trimble as it developed a new global navigation satellite system, the indictment said.
The three Chinese citizens were not in custody and were charged as individuals, not as state-sponsored hackers, US prosecutors in the western Pennsylvania city said. The three sent “spearphishing” emails to computers in western Pennsylvania and around the world, according to the indictment.
Representatives for the three defendants and the Chinese company could not immediately be identified to seek comment on the charges.
The indictment was filed in September and the Chinese government has been aware of it, prosecutors said.
Trimble said no client was breached in the hack. “Trimble responded to the incident and concluded that there is no meaningful impact on its business,” the company said in a statement.
A Siemens representative could not immediately be reached for comment.
A Moody’s spokesman said the firm worked closely with investigators and “to our knowledge, no confidential customer data or other personal employee information was compromised.”
The defendants were identified as Wu Yingzhuo, Dong Hao and Xia Lei. The indictment said they were owners, employees and associates of Guangzhou Bo Yu Information Technology Company Ltd, a firm in the southern Chinese city of Guangzhou that offers cybersecurity services.
US Special Attorney in Pittsburgh Soo C Song said arrest warrants had been issued for the three accused.
“It is not an element or subject of this indictment that there is state sponsorship,” Song said.
The indictment refers to activities of a Chinese hacking group known as “Gothic Panda” with advanced technical capabilities which has been active since 2007, said Adam Meyers, a researcher with cyber firm CrowdStrike.
The group, which was active as of September, has targeted aerospace and defence, chemical, energy, financial, health care, industrial and transport firms in Britain, France, Hong Kong, the United States and other western nations, Meyers said.
The three people named in the identified were accused of exploiting vulnerabilities in computer systems and using malware to gain access to confidential business and commercial information, work product, and sensitive employee information including usernames and passwords.