Wu Yingzhuo, Dong Hao and Xia Lei indictment (2017)

From International cyber law: interactive toolkit
Date: The attacks were carried out between 2011 and 2017. An indictment against the actors was issued on 13 September 2017.[1]
Suspected actor: Wu Yingzhuo, Dong Hao and Xia Lei, who formed the China-based Internet security company Guangzhou Bo Yu Information Technology Company Limited (a.k.a. Boyusec). Boyusec is believed to be APT3 (also known as UPS Team, Pirpi, Buckeye, Gothic Panda or TG-0110), acting as a contractor of the Chinese Ministry of State Security.[2][3]
Target: The group hacked the corporations Moody’s Analytics, Siemens AG and Trimble, Inc.[4] On the basis of these attacks, the actors were investigated and charged by the United States authorities.[5]

Moreover, the group is behind many other attacks on companies in the aerospace, defense, telecommunications, transportation, construction and advanced technology sectors, as well as on government departments in Hong Kong, the United States and other States.[6]

Method: The group is one of the most sophisticated APT groups ever known and has used a wide range of tools and techniques.[7][8]

In the attacks on the three corporations on which the indictment is based, the group gained access to the victims’ networks using either spearphishing emails or a backdoor designed to bypass the victims’ security systems and firewalls. The actors attempted to conceal their true identities and locations by using aliases and intermediary computer servers known as "hop points".[9]

Purpose: Economic cyber espionage.
Result: Compromising emails and identity data of employees, theft of confidential business information, including trade secrets, and damage to victims’ computer systems.[10]
Aftermath: The United States Department of Justice and the FBI issued an indictment against the group for computer hacking, theft of trade secrets, conspiracy and identity theft directed at employees and computers of the three corporate victims. The indictment does not mention anything about a link to the Chinese government.[11] Shortly after the publication of the indictment, Boyusec was disbanded.[12] All members of the group remain at large.
Analysed in: Scenario 09: Economic cyber espionage

Collected by: Adam Botek