EXECUTIVE SUMMARY:

Using spearphishing techniques, malware, domain hijackings and other methods, Chinese hackers allegedly hacked aerospace companies and stole company secrets during a five-year span between 2010 and 2015.

The Department of Justice (DOJ) announced yesterday that it had indicted a group of 10 people. Ars Technica reports that the group's goal was to steal data to help a Chinese government-owned company design its own jetliner. Federal officials allege that the campaign targeted 13 companies in the process.

The campaign was sophisticated and coordinated. As Ars Technica writes, “According to the indictment, they registered ‘doppelganger’ domain names such as capstonetrubine.com that closely resembled the legitimate domain names of aerospace companies. In other cases, prosecutors said, the defendants infected the websites of real companies. They then allegedly turned the malicious domains into watering holes by sending spear phishing emails that directed targets to visit the doppelganger or infected websites. When targets complied, they were infected.”

In May, Cyber Talk reported that Fraud.org and Brian Krebs were warning about a similar tactic called ‘typosquatting’, in which hackers set up malicious websites using misspelled domain addresses in the hopes of trapping careless typists.

The indicted hackers also purportedly lured employees from some of the targeted companies to participate by getting them to infect their corporate networks and reveal intelligence.

Get the full story at Ars Technica.