NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html
Publish Date: 2026-04-24 10:13:00
Source Domain: thehackernews.com
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control laws.
“For years, NASA employees and research collaborators thought they were simply sharing software with colleagues,” the OIG said in a Thursday release. “Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers.”
The individual linked to the campaign was outed as Chinese national Song Wu in September 2024, when the U.S. Department of Justice (DoJ) announced charges against him for orchestrating a multi-year phishing scheme that stretched from January 2017 to December 2021 and involved targeting dozens of U.S. professors, researchers, and engineers.
Some of the victims of the campaign were employed at NASA, the Air Force, the Navy, the Army, and the Federal Aviation Administration, while the others worked at major universities and private sector firms.
According to the 2024 indictment, Song was an engineer at the Aviation Industry Corporation of China (AVIC), a Chinese state-owned aerospace and defense conglomerate founded in 2008. In an attempt to obtain modeling software used for aerospace design and weapons development, Song and his co-conspirators are alleged to have conducted extensive research on their targets by masquerading as friends and colleagues to gain access to proprietary software and source code.
The OIG said the scheme was successful in a handful of cases where victims shared the sensitive information with the imposter accounts managed by Song et al without realizing they were violating U.S. export control laws.
Song has been indicted on counts of wire fraud and…
