Through phishing campaigns and malware, the hackers not only breached the networks of companies operating in the United States, including Moody's Analytics, Siemens AG and Trimble Inc., but also obtained confidential trade secrets and sensitive employee information. The alleged hackers are associated with Boyusec, a Guangzhou cybersecurity firm.
"Defendants Wu, Dong and Xia launched coordinated and targeted cyber intrusions against businesses operating in the United States, including here in the Western District of Pennsylvania, in order to steal confidential business information," said Acting U.S. Attorney Song.
Beyond links to hacking group APT3, Recorded Future said Boyusec has indirect ties to China's main intelligence agency, the Ministry of State Security. "Their previous targeting includes industries such as Aerospace, Defense, Energy, Technology, NGOs, etc., that are primarily aligned with China's economic objectives".
China does not have an extradition agreement with the United States and likely would not hand over the three even if it did, since their company is suspected of ties to the Chinese military hacking group Unit 61398.
The Justice Department said the three defendants, who worked for Guangzhou Bo Yu Information Technology Company, conspired to hack into the computers of private corporate entities to steal sensitive documents and communications data. A successful attack would give the attackers long-term backdoor access to victims' computers, according to the indictment.
Trimble spent millions of dollars over three years developing a GNSS product that uses a low-priced antenna to improve location data for tablets and mobile phones, the indictment says. All told, the men allegedly took 275 megabytes of data that would have aided a Trimble competitor in creating a competing product. It says no client data was breached.
A representative for Trimble said the company had responded to the attempted hacks and determined they had "no meaningful impact" on its business. The operation in question allegedly started in 2011, when the hackers gained access to an unidentified economist's email account and began forwarding all of the economist's email to an account they controlled.
Between 2013 and 2014, the hackers also "accessed the internal email server of Moody's Analytics and placed a forwarding rule in the email account of a prominent employee".
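The mail-forwarding technique described in the two paragraphs above (a rule placed in a victim's mailbox that silently copies every message to an attacker-controlled address) leaves a trace in mailbox audit logs, and that is how a defender would look for it. The following is an added example, not code from the indictment, from Moody's or from any vendor. The log records are constructed, and their field names (Operation, UserId, ObjectId, ClientIP and a Parameters list of Name/Value pairs) are assumed to resemble, in simplified form, the rule-creation events an Exchange-style platform emits; the organization domain example-corp.com is likewise assumed. It goes slightly beyond the inbox-rule case in the text by also flagging mailbox-level forwarding set by an administrator, since both achieve the same exfiltration.

```python
"""Flag mailbox forwarding that sends mail outside the organization.

Added example (not from the indictment or any product).  The audit records in
SAMPLE_LOG are constructed; the schema and parameter names are assumed to be a
simplified form of the rule-creation events an Exchange-style platform logs.
"""
import json
from dataclasses import dataclass, field

ORG_DOMAIN = "example-corp.com"  # assumed organization domain

# Parameters that set a forwarding destination.  Names follow the Exchange
# cmdlet parameters; whether a given platform logs exactly these is assumed.
FORWARDING_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo",
                     "RedirectTo", "ForwardingSmtpAddress")
# Parameters that hide the copied mail from the mailbox owner.
STEALTH_PARAMS = ("DeleteMessage", "MoveToFolder", "MarkAsRead")

# Constructed sample: four rule/mailbox changes.  Records 1 and 3 forward to
# an external domain (record 1 also deletes the original); 2 is a benign
# filing rule and 4 forwards internally.
SAMPLE_LOG = """\
{"CreationTime": "2013-06-12T03:14:07", "Operation": "New-InboxRule", "UserId": "economist@example-corp.com", "ClientIP": "203.0.113.10", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "archive.box@example.net"}, {"Name": "DeleteMessage", "Value": "True"}]}
{"CreationTime": "2013-06-12T09:02:41", "Operation": "New-InboxRule", "UserId": "analyst@example-corp.com", "ClientIP": "198.51.100.7", "Parameters": [{"Name": "Name", "Value": "newsletters"}, {"Name": "MoveToFolder", "Value": "Newsletters"}, {"Name": "From", "Value": "news@example.org"}]}
{"CreationTime": "2013-06-13T17:45:19", "Operation": "Set-Mailbox", "UserId": "admin@example-corp.com", "ObjectId": "cfo@example-corp.com", "ClientIP": "10.0.0.5", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:cfo.backup@mail-example.co"}, {"Name": "DeliverToMailboxAndForward", "Value": "True"}]}
{"CreationTime": "2013-06-14T08:00:00", "Operation": "New-InboxRule", "UserId": "ceo@example-corp.com", "ClientIP": "10.0.0.9", "Parameters": [{"Name": "Name", "Value": "to assistant"}, {"Name": "RedirectTo", "Value": "assistant@example-corp.com"}]}
"""


@dataclass
class Finding:
    mailbox: str          # whose mail is being forwarded
    operation: str
    actor: str            # account that made the change
    client_ip: str
    destinations: list = field(default_factory=list)
    stealth: bool = False  # original also deleted/moved/marked read


def parse_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _addresses(value):
    """Normalize a forwarding parameter: split multiple recipients on ';',
    drop an 'smtp:' prefix and a 'Display Name <addr>' wrapper."""
    addrs = []
    for part in str(value).split(";"):
        part = part.strip()
        if not part:
            continue
        if part.lower().startswith("smtp:"):
            part = part[5:]
        if "<" in part and part.endswith(">"):
            part = part[part.rindex("<") + 1:-1]
        addrs.append(part.lower())
    return addrs


def is_internal(addr, org_domain=ORG_DOMAIN):
    """True only for the org domain or one of its subdomains; a look-alike
    such as example-corp.com.evil.net is external."""
    if "@" not in addr:
        return False
    domain = addr.rsplit("@", 1)[1]
    return domain == org_domain or domain.endswith("." + org_domain)


def external_forwards(events, org_domain=ORG_DOMAIN):
    """Return a Finding for every change that forwards mail off-domain."""
    findings = []
    for ev in events:
        params = {p["Name"]: p["Value"] for p in ev.get("Parameters", [])}
        dests = [a for name in FORWARDING_PARAMS if name in params
                 for a in _addresses(params[name])]
        external = [a for a in dests if not is_internal(a, org_domain)]
        if not external:
            continue
        # Assumed convention for these records: a Set-Mailbox event names the
        # affected mailbox in ObjectId, an inbox-rule event in UserId.
        mailbox = ev["ObjectId"] if ev["Operation"] == "Set-Mailbox" else ev["UserId"]
        findings.append(Finding(
            mailbox=mailbox,
            operation=ev["Operation"],
            actor=ev["UserId"],
            client_ip=ev.get("ClientIP", ""),
            destinations=external,
            stealth=any(name in params for name in STEALTH_PARAMS),
        ))
    return findings


if __name__ == "__main__":
    for f in external_forwards(parse_events(SAMPLE_LOG)):
        flag = " (stealth: original hidden from owner)" if f.stealth else ""
        print(f"{f.operation} on {f.mailbox} by {f.actor} from {f.client_ip} "
              f"-> {', '.join(f.destinations)}{flag}")
```

Run against real audit exports, the same logic should be applied to every rule-change operation a platform logs (creation and modification), and the domain allow-list should include partner domains the business legitimately forwards to; a rule with a throwaway name such as "." that forwards externally and deletes the original is the pattern most worth paging on.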