“This is just the beginning,” Assistant Attorney General John Demers said. “Together with our federal partners, we will redouble our efforts to safeguard America’s ingenuity and investment.”
The alleged conspiracy ran for at least five years beginning in 2010, and focused on the theft of technology underlying a turbofan engine used in U.S. and European commercial jets, officials said. The engine was being developed through a partnership between a French company with an office in Suzhou, China, and a U.S. company.
Neither company was identified in the indictment, and none of the alleged conspirators is in U.S. custody.
The superseding indictment was issued Oct. 25 in the Southern District of California.
The defendants hacked the French firm, as well as companies in Arizona, Massachusetts and Oregon that made parts for the jet engine, officials alleged. At the time of the intrusions, a Chinese state-owned aerospace company was developing a comparable commercial jet engine, they said.
The alleged hacking of commercial secrets to benefit a Chinese company took place before Beijing made a pledge to Washington in September 2015 not to conduct such espionage. Experts have said that since then, China’s cyber-enabled commercial spying has resumed, in particular by the Ministry of State Security [MSS], which conducts nonmilitary foreign espionage and handles domestic counterintelligence.
Two of the defendants, Zha Rong and Chai Meng, are officers with the Jiangsu Province Ministry of State Security [JSSD], a provincial arm of the MSS.
Zha Rong is accused of directing the intrusion into the French firm. Chai Meng, who is also known as “Cobain,” coordinated the hackers and the activity of two Chinese employees of the French company, who also were charged for their role in facilitating the technology theft, U.S. officials alleged. Those employees, Gu Gen and Tian Xi, worked in the company’s Suzhou office.
According to the indictment, in January 2014, Tian received malware from his MSS handler and installed it on a company computer. One month later, Gu, who oversaw information security in the French company’s Suzhou office, warned his colleagues when foreign law enforcement notified the company about the malware, U.S. prosecutors said.
As a result, two other defendants erased evidence linking the malware to an account controlled by the Chinese government operatives, prosecutors said.
The first alleged hack took place in January 2010, when the defendants compromised Capstone Turbine, a Los Angeles-based gas turbine manufacturer, to steal data and use its website to spread malware.
Other hacking attempts followed, including against an unidentified San Diego computer technology company whose network was repeatedly compromised, causing thousands of dollars of damage, prosecutors said. In that conspiracy, prosecutors said, Zhang Zhang-Gui, a hacker operating at the direction of the provincial MSS, gave his friend Li Xiao malware that had been developed by the operatives who hacked Capstone Turbine. With that malware, Li was able to hack the San Diego company, prosecutors alleged.
This month, the Justice Department announced that an MSS intelligence officer was extradited to the Southern District of Ohio on charges that he attempted to steal trade secrets related to jet aircraft engines. Last month, a grand jury indicted a U.S. Army recruit accused of working as an agent of a JSSD spy.