DOJ indicts three Chinese nationals over hacks on Siemens, Moody’s, and Trimble

Three Chinese nationals are facing U.S. federal charges accusing them of hacking into analyst firm Moody’s, industrial giant Siemens, and GPS maker Trimble.

The three (Wu Yingzhuo, Dong Hao, and Xia Lei) are alleged to have obtained the emails of a prominent Moody’s economist, grabbed more than 400 gigabytes of data from Siemens systems, and stolen confidential technical and business data from Trimble linked to a commercial navigation project. The alleged hackers are associated with a Guangzhou cybersecurity firm known as Boyusec.

“These conspirators masked their criminal conspiracy by exploiting unwitting computers, called ‘hop points,’ conducting ‘spearphish’ email campaigns to gain unauthorized access to corporate computers, and deploying malicious code to infiltrate the victim computer networks,” said acting U.S. Attorney Soo C. Song, of the Western District of Pennsylvania, in a statement.

Security firm CrowdStrike, which refers to the alleged hacking ring as Gothic Panda, says it’s seen a rise in activity associated with the group since 2016.

“We’ve tracked their activity back to 2007 and they are one of the most technically advanced state-affiliated actors in China,” said Adam Meyers, CrowdStrike VP of intelligence, in an email to Fast Company. “Their previous targeting includes industries such as Aerospace, Defense, Energy, Technology, NGOs, etc., that are primarily aligned with China’s economic objectives.”

The three alleged hackers live in China, and it’s unclear if they’ll ever appear in U.S. court.

“The Justice Department is committed to pursuing the arrest and prosecution of these hackers, no matter how long it takes, and we have a long memory,” said Dana Boente, acting assistant attorney general for national security, on Monday.

The DOJ previously indicted five alleged Chinese hackers in 2014. They remain on the FBI’s Most Wanted list.