A group of 10 people, led by agents of the Jiangsu provincial arm of China's Ministry of State Security (MSS), tried to hack into the computer systems of a U.S. company and a French company with an office in Suzhou, China, both manufacturers of a turbofan engine used in commercial airliners, the Justice Department (DoJ) alleged on Tuesday.
The intelligence officers, Zha Rong and Chai Meng, worked for the Jiangsu Province Ministry of State Security in Nanjing, a local foreign intelligence arm of China's Ministry of State Security.
"At the time of the intrusions, a Chinese state-owned aerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in China and elsewhere", the Justice Department said.
Although the French company is unnamed in the indictment, it is almost certainly Safran, which has been working with General Electric in the United States to develop a new type of engine, LEAP, for large commercial jetliners.
In September, a Chicago federal grand jury indicted a Chinese-born U.S. Army Reserves soldier who is accused of working as an agent for the same intelligence group. Additionally, two of those named in the indictment were employed by the French company.
"This is just the beginning", he said in a statement.
The indictment detailed efforts to use malware and phishing techniques to hack into target computers and remove data on the engines and parts.
They then installed malware on different companies' servers to pull off a so-called "watering hole" attack that tracked and hacked visitors to the company's real website. One month later, Gu, who oversaw information security in the French company's Suzhou office, warned his colleagues when foreign law enforcement notified the company about the malware, US prosecutors said.
The Justice Department in recent years has brought similar prosecutions against Chinese military or government officials accused of hacking into American corporations to steal secrets, and prosecutors vowed to redouble those efforts.
He said: "It reflects how China is conducting cyber-enabled commercial espionage". In January 2014, conspiracy members allegedly infected a laptop in Gu's company with malware, dubbed Sakula, which communicated with the domain ns24.dnsdojo.com.
On top of all this, the Chinese intelligence officers recruited two employees at a French aerospace manufacturer to secretly plant malware within their company's computer systems.
An unidentified U.S. company and the French manufacturer oversaw the turbofan engine project, according to court papers.
The indictment is among a small but growing collection of prosecutions that openly accuse the Chinese government of stealing U.S. trade secrets. The malware, called Sakula, was created to exploit vulnerabilities in the Internet Explorer web browser.
In a text message indicating malware had been planted in one of the targeted computers, Tian told a Chinese intelligence officer, "The horse was planted this morning".