Wu Yingzhuo, Dong Hao and Xia Lei indictment (2017)
(Redirected from Wu Yingzhuo, Dong Hao and Xia Lei indictments (2017))
| Date | The attacks were carried out between 2011 and 2017. An indictment against the actors was issued on 13 September 2017.[1] |
|---|---|
| Suspected actor | Wu Yingzhuo, Dong Hao and Xia Lei, who formed a China-based Internet security company Guangzhou Bo Yu Information Technology Company Limited (a.k.a. Boyusec). Boyusec is believed to be APT3 (also known as UPS Team, Pirpi, Buckeye, Gothic Panda or TG-0110), acting as a contractor of the Chinese Ministry of State Security.[2][3] |
| Target | The group hacked corporates Moody’s Analytics, Siemens AG and Trimble, Inc.[4] On the basis of these attacks, the actors were investigated and charged by the United States authorities.[5]
Moreover, the group is behind many other attacks on companies in the aerospace, defense, telecommunications, transportation, construction or advanced technology sectors as well as on government departments in Hong Kong, the United States and other States.[6] |
| Method | The group is one of the most sophisticated APT groups ever known and has used a wide range of tools and techniques.[7][8]
As concerns the attacks on the three corporates on which basis the indictment was imposed, to access to the victims’ networks, the group used either spearphishing emails or a backdoor designed to bypass the victims' security systems and firewalls. The actors attempted to hide their true identities and location by using aliases and intermediary computer servers known as "hop points."[9] |
| Purpose | Economic cyber espionage. |
| Result | Compromising emails and identity data of employees, theft of confidential business information, including trade secrets, and damage to victims’ computer systems.[10] |
| Aftermath | The United States Department of Justice and the FBI issued an indictment against the group for computer hacking, theft of trade secrets, conspiracy and identity theft directed at employees and computers of the three corporate victims. The indictment does not mention anything about a link to the Chinese government.[11] Shortly after the publication of the indictment, Boyusec was disbanded.[12] All members of the group remain at large. |
| Analysed in | Scenario 09: Economic cyber espionage |
Collected by: Adam Botek
- ↑ “Criminal Indictment No. 17-247 in the United States District Court for the Western District of Pennsylvania”.
- ↑ “APT3 is Boyusec, a Chinese Intelligence Contractor”, (9 May 2017), intrusiontruth.
- ↑ Insikt Group, “Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3”, (17 May 2017), Recorded Future.
- ↑ T Brewster, “Chinese Trio Linked To Dangerous APT3 Hackers Charged With Stealing 407GB Of Data From Siemens”, (27 November 2017), Forbes.
- ↑ United States Department of Justice, “U.S. Charges Three Chinese Hackers Who Work at Internet Security Firm for Hacking Three Corporations for Commercial Advantage”, (27 November 2017).
- ↑ Insikt Group, “Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3”, (17 May 2017), Recorded Future.
- ↑ “APT3”, Mitre.
- ↑ “Advanced Persistent Threat Groups”, FireEye.
- ↑ “Criminal Indictment No. 17-247 in the United States District Court for the Western District of Pennsylvania”.
- ↑ Ibid.
- ↑ Ibid.
- ↑ J Chin, “Chinese Firm Behind Alleged Hacking Was Disbanded This Month”, (27 November 2017), The Wall Street Journal.