CrowdStrike, a U.S. cybersecurity research and consulting firm, recently released a report examining the series of aggressive and frequent Chinese hacking operations that took place during the years when Commercial Aircraft Corporation of China Ltd. (Comac) was developing its C919 commercial aircraft. Officials from China’s Ministry of State Security (MSS), underground hacking groups and personnel, cybersecurity researchers, and employees (moles) of multiple companies in many countries were involved in the operations. The purpose of these hacking operations was to assist Comac’s development of the C919 commercial aircraft, obtain a large amount of intellectual property from foreign companies, narrow the gap between China’s aviation industry and foreign manufacturers capable of making large passenger aircraft, and eventually compete with industry giants Boeing and Airbus.
CrowdStrike’s report revealed that the MSS designated the Jiangsu provincial State Security division to carry out the hacking attacks, and the Jiangsu division appointed two coordinators. One coordinator led the hacking team and the other was responsible for recruiting people from aerospace companies in different countries. Between 2010 and 2015, the hackers attacked a list of companies including Ametek, a U.S. manufacturer of electronic instruments and electromechanical devices; Honeywell, a U.S. multinational conglomerate that produces engineering services and aerospace systems; Safran, a French multinational aircraft engine, rocket engine, aerospace-component and defense company; Capstone, a U.S. gas turbine manufacturer; and General Electric.
These hacking operations are different from similar actions in the past. They attempted to recruit and use China’s underground hacking gangs, whose mission was to gain access to the target company’s network, install malware such as Sakula, PlugX, and Winnti, use this software to find the target company’s proprietary intellectual property and trade secrets, and send the information to remote servers. If these practices were unsuccessful, another MSS team would try to recruit Chinese employees in the target company and have them install malware on the company’s computer network.
Source: Radio Free Asia, October 15, 2019