Prosecutors say Chinese cyber firm was front for hackers

A federal grand jury in Pittsburgh has indicted three Chinese nationals on charges of computer hacking for allegedly penetrating networks used by Moody's Analytics and other US businesses to steal sensitive information and communications.

"We've tracked their activity back to 2007 and they are one of the most technically advanced state-affiliated actors in China", said Adam Meyers, CrowdStrike VP of intelligence, in an email to Fast Company.

Weirdly, the individuals named in the indictment - Guangzhou Bo Yu Information Technology Company Ltd employees/associates Wu Yingzhuo, Dong Hao and Xia Lei, per Reuters - aren't being named as part of a realistic effort to prosecute them, since they live in China.

Pentagon intelligence officials disclosed last year that Boyusec was linked to the MSS and a global Chinese telecommunications company known as Huawei Technologies that US officials say has ties to the Chinese military.

The Chinese nationals face charges of computer hacking, theft of trade secrets, conspiracy and identity theft. "Their previous targeting includes industries such as Aerospace, Defense, Energy, Technology, NGOs, etc., that are primarily aligned with China's economic objectives". In 2014, they are alleged to have gained access to Siemens where they stole 407GB of data relating to the company's technology along with employee usernames and passwords. We rigorously monitor and protect our infrastructure and continually detect and hunt for breaches.

According to the indictment, which was filed in the US District Court for the Western District of Pennsylvania and was unsealed yesterday, November 27, the defendants accessed Trimble's networks in January 2016 and stole trade secrets.

Trimble spent millions of dollars over three years developing a GNSS product that uses a low-priced antenna to improve location data for tablets and mobile phones, the indictment says.

Trimble says the unsealing of the indictment is "the culmination of an aggressive investigation by law enforcement".

A representative for Trimble said the company had responded to the attempted hacks and determined they had "no meaningful impact" on its business.

Moody's Analytics provides products and services for financial analysis and risk management.

The most recent hacking took place between 2011 and May 2017 and involved the use of fraudulent emails and a malware called UPS Backdoor, the Justice Department said.

Against Moody's, Xia hacked into the email of a Moody's specialist and placed a rule on his email that forwarded all messages to a separate email account.

Christopher Glyer, chief security architect at cybersecurity firm FireEye, says that unlike some APT attackers who focus on attack quantity and simply being "good enough", APT 3 differentiated itself by the quality of the attacks it launched.

In the wake of the indictment, it's not clear if APT 3 remains in operation.
