NASA OIG Details Chinese National's Years-Long Spear-Phishing Scheme for Defense Software

The NASA Office of Inspector General has disclosed that a Chinese national posed as a U.S. researcher for years to trick NASA employees and contractors into sharing sensitive defense technology. In a Thursday release, the OIG said victims believed they were simply sharing software with colleagues. Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers. The individual was identified as Song Wu in a September 2024 Department of Justice indictment. The DOJ charged him with orchestrating a multi-year phishing scheme that stretched from January 2017 to December 2021 and involved targeting dozens of U.S. professors, researchers, and engineers. Some victims worked at NASA, the Air Force, the Navy, the Army, and the Federal Aviation Administration. Others were employed at major universities and private sector firms. According to the 2024 indictment, Song was an engineer at the Aviation Industry Corporation of China, a Chinese state-owned aerospace and defense conglomerate founded in 2008. He and his co-conspirators allegedly conducted extensive research on their targets, masquerading as friends and colleagues to gain access to proprietary modeling software used for aerospace design and weapons development. The OIG said the scheme succeeded in a handful of cases where victims shared sensitive information without realizing they were violating U.S. export control laws. Song has been indicted on counts of wire fraud and 14 counts of aggravated identity theft. He faces a maximum sentence of 20 years in prison for each count of wire fraud, plus a two-year consecutive sentence if convicted of aggravated identity theft. The 40-year-old remains at large. The FBI, which added Song to the U.S. Most Wanted List, said the specialized software could be used for industrial and military applications, including the development of advanced tactical missiles and aerodynamic design and assessment of weapons. The OIG warned that export control scammers often suggest unusual payment methods, abruptly change the terms or source of payment, and use unconventional transfer methods to mask their identity. In Song's case, he made multiple requests for the same software and did not justify why he needed it.