Employees Of Chinese Security Firm Indicted For Hacking Siemens, Trimble, Moody's
Three people associated with a Chinese cyber security firm are accused of hacking into the networks of three companies in an effort to steal business secrets, according to prosecutors from the United States Justice Department.
An indictment filed in September and unsealed in federal court Monday alleged three men working for Guangzhou Bo Yu Information Technology Company—also known as Boyusec—launched “coordinated and unauthorized” cyber attacks against financial services company Moody’s, GPS maker Trimble and electronics manufacturer Siemens.
According to the indictment, the hackers sent spearphishing emails—highly targeted email attacks designed to compromise an individual or individuals in order to hijack their accounts—to users around the world, including at the three compromised companies.
The spearphishing emails contained links to sites that hosted malicious software that, when downloaded, would provide the attackers with unauthorized access to a victim’s computer. According to the indictment, the malware was often customized and granted remote access to the computers it was installed on, allowing the attackers to search, copy and steal data from the machines.
The trio of hackers working within the Chinese cybersecurity firm conducted attacks against corporations between 2011 and 2017. During that time, the hackers were able to successfully compromise accounts and steal information from a number of organizations.
In an attack against financial services company Moody’s, the attackers were able to monitor email correspondence of an economist employed by the company for at least six months. According to the indictment, the compromised employee regularly appeared on national TV and was often quoted by news organizations.
International Business Times reached out to Moody’s but did not receive a response at the time of publication.
In 2014, the attackers were able to gain unauthorized access to computer networks belonging to electronics manufacturer Siemens. The hackers used that access to steal usernames and passwords belonging to Siemens employees and proprietary commercial data stored by the company.
A spokesperson for Siemens told IBT that “information security is of the highest priority” for the company. “We rigorously monitor and protect our infrastructure and continually detect and hunt for breaches,” the spokesperson said, but noted the company “does not comment on internal security matters.”
The attackers also carried out a multi-pronged campaign against GPS maker Trimble that took place between 2015 and 2016. The hackers were able to extract confidential documents and proprietary information from the company related to a new global navigation satellite system that it was developing at the time.
A spokesperson for Trimble acknowledged the breach when contacted by IBT but insisted that “no client data was breached.” According to the spokesperson, the company “responded to the incident and concluded that there is no meaningful impact on its business.”
At the time of the indictment, none of the three hackers charged were in custody. The alleged attackers were charged as individuals and not as state-sponsored actors, though last year the Pentagon linked Boyusec—the cybersecurity firm the hackers worked for—to Beijing's Ministry of State Security intelligence service.
Boyusec has previously been identified by independent researchers as APT3, a notorious hacking group that has targeted large corporations in the U.S., Hong Kong and the United Kingdom. Researchers at security firm Symantec concluded last year that the actions of APT3 were consistent with those of a state-sponsored actor.
Chris Doman, a threat engineer at cybersecurity firm AlienVault, told IBT, “It’s not a surprise this indictment comes from the FBI’s Pittsburgh office—they have been very aggressive at going after cyber criminals.”