US prosecutors have charged three Chinese nationals affiliated with a cybersecurity company in China with hacking into Siemens AG, Trimble and Moody’s Analytics to steal confidential and business-critical data, according to a report by Reuters.
The report cited an indictment, unsealed on 27th November in federal court in Pittsburgh, Pennsylvania, which charged the three with launching “coordinated and unauthorised” cyber-attacks between 2011 and 2017.
The defendants, Wu Yingzhuo, Dong Hao and Xia Lei, were owners, employees and associates of Guangzhou Bo Yu Information Technology Company, which offers cybersecurity services, according to the indictment documents.
According to other local reports, an investigation by a team of agents led by the Pittsburgh FBI revealed that starting in 2011, the Chinese conspirators and others exploited vulnerabilities in computer systems or used malware to hack into corporate computers.
They hid their true identities by using aliases and intermediary computer servers called “hop points,” which they used to conceal their Internet protocol addresses and locations, according to the indictment.
The hackers allegedly monitored email correspondence of an unidentified Moody’s economist; stole data from transportation, technology and energy units at Siemens; and targeted Trimble as it developed a new and more precise global navigation satellite system, the indictment said.
Prosecutors said one of the defendants, Dong Hao, then used those accounts to hack into the company’s network. In 2015, he and the others stole 407 gigabytes of proprietary data pertaining to Siemens’ energy, technology and transportation businesses, prosecutors said.
Two US government officials told Reuters that Guangzhou Bo Yu, also known as Boyusec, is affiliated with China’s People’s Liberation Army Unit 61398, and that most if not all its hacking operations are state-sponsored and directed.
In May 2014, US prosecutors in Pittsburgh indicted five officers from the secretive Unit 61398 for hacking into US nuclear, metal and solar firms to steal trade secrets. The indictments prompted warnings from Beijing that it would retaliate if Washington followed through with the charges.
The acting US attorney for Western Pennsylvania, Soo C. Song, said arrest warrants had been issued for the three men, but the case was not being prosecuted as state-sponsored hacking.
“It is not an element or subject of this indictment that there is state sponsorship,” Song said. However, the Justice Department’s National Security Division participated in the case, according to the indictment.
Siemens, based in Munich, Germany, is a technology company with interests in electrification, automation and digitalisation. Trimble, based in Sunnyvale, California, provides technology for a range of industries. Meanwhile, Moody’s Analytics, part of New York-based Moody’s Corp, provides products and services for financial analysis and risk management.
In 2015, then-US President Barack Obama and Chinese President Xi Jinping reached an agreement prohibiting both countries from stealing intellectual property for the benefit of domestic firms. US officials speculate that the classified intelligence that recently came to light indicates that Chinese hackers have recently begun violating the deal more frequently.
Trimble said no client data was breached in the hack. “Trimble responded to the incident and concluded that there is no meaningful impact on its business,” the company said in a statement.
A Moody’s spokesman said the firm worked closely with investigators, and “to our knowledge, no confidential customer data or other personal employee information was compromised.”
Meanwhile, a Siemens representative declined to comment on the details of the hack, saying the company does not discuss “internal security matters.”