US authorities have pressed charges against three individuals working for a Chinese government-linked security firm for alleged hacking, stealing trade secrets and identity theft.
The three - Wu Yingzhuo, Dong Hao and Xia Lei - are employees of Guangzhou Bo Yu Information Technology Company, or Boyusec, and reside in China.
Boyusec is a contractor to China's Ministry of State Security.
Researchers earlier this year identified a link between Boyusec and the Advanced Persistent Threat 3 hacking group allegedly responsible for stealing the blueprints for ASIO's new Canberra building in 2013.
APT3 used malware uploaded to an ASIO employee's laptop to steal the blueprints.
In the US indictment, APT3 is alleged to have attacked Moody's Analytics, Siemens' Pittsburgh office, and global positioning system company Trimble, through a spear-phishing campaign that sought to install malware on victims' systems.
“These conspirators masked their criminal conspiracy by exploiting unwitting computers, called ‘hop points,’ conducting spear-phish email campaigns to gain unauthorised access to corporate computers, and deploying malicious code to infiltrate the victim computer networks,” acting US attorney Soo Song said.
The "ups" and "exeproxy" malware, if installed, gave the hackers access to targets' computers, allowing them to search for and copy over confidential business information as well as user credentials.
APT3 is alleged to have stolen hundreds of gigabytes of data from the three companies in the US.
Xia is accused of accessing an internal email server at Moody's in 2011 and setting up a message forwarding rule for the account of an unidentified "prominent employee", US prosecutors said.
The rule forwarded all the employee's emails to a webmail service. Xia is said to have accessed the confidential messages until 2014.
Dong allegedly accessed Siemens' networks in 2014 and obtained employees' login credentials. He is said to have copied over 407 gigabytes of proprietary commercial data belonging to Siemens.
Wu is alleged to have stolen GPS technology that Trimble was developing between 2015 and 2016, which may have been passed onto a competing firm.
Wu and Dong are the founders of Boyusec.
Along with Xia they remain in China. They face one charge of computer fraud and abuse, and two charges of trade secret theft, each with a maximum penalty of ten years in prison.
The hackers have also been charged with wire fraud, facing a maximum 20 years in prison, and agggravated identity theft.
The APT3 hacking group is also known as BuckEye, UPS Team, Gothic Panda and TG-011.
