Chinese phishing against NASA: impersonated researcher led to leak of defense software

Colleagues, please note: NASA employees and personnel at other organizations sent sensitive engineering software to an adversary posing as a U.S. researcher.
- OIG: campaign ran 2017–2021; DOJ charges Song Wu linked to AVIC.
- Targets: NASA, USAF, USN, Army, FAA, universities and companies; objective — simulation software for aerodynamics and weapon systems.
- Techniques: spear‑phishing, identity fraud, repeated requests, and unusual transfer/payment methods.
Why it matters: these schemes exploit institutional trust and violate export controls, creating tangible security risks.
How do you strengthen vetting of software-transfer requests in your organization?
#cybersecurity #phishing #exportcontrol


Latest comments
No comments yet.