APT3

US Charges Three Members of Elite Chinese Cyber-Espionage Unit

US authorities have acted on one of the worst-kept secrets in cyber-security and have filed official charges against three Chinese hackers who are part of one of China's elite cyber-espionage units.

According to an indictment unsealed today by the Department of Justice (DOJ), officials have charged the three hackers with hacking three companies —Moody’s Analytics, Siemens, and Trimble— between 2011 and May 2017.

More precisely, the DOJ charged Wu Yingzhuo with hacking Trimble, Dong Hao with hacking Siemens, and Xia Lei with hacking Moody's Analytics.

The three suspects work for cyber-security firm Boyusec

The three suspects work for Chinese cyber-security firm "Guangzhou Bo Yu Information Technology Company Limited," also known under its short name of Boyusec. Both Wu and Dong are founding members and shareholders, while Xia is just an employee.

Several reports published in May 2017 fingered Boyusec as notorious cyber-espionage unit APT3, one of the Chinese government's most proficient hacking units.

APT3, also known as UPS, Gothic Panda, and TG-011, has been active since 2010 and has been tied to the theft of intellectual property from private businesses, but also to cyber-espionage with substantial political implications. Past reports have tied the group to hacks all over the world, but most often in Hong Kong and the US.

Boyusec identified as APT3 six months ago

Blog posts published by Intrusion Truth linked Wu and Dong to domain names used in the server infrastructure from which many APT3 attacks originated.

Another report claimed Boyusec was a government contractor that reported to the Guangdong Information Technology Security Evaluation Center (or Guangdong ITSEC), which is a local branch of the China Information Technology Evaluation Center (CNITSEC), an organization run by the Chinese Ministry of State Security (MSS).