Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:50 PM
Connect Directly

Chinese Intelligence Officer Under Arrest for Trade Secret Theft

Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.

US authorities have arrested a Chinese intelligence officer for attempting to steal trade secrets that would have helped China unfairly advance in the aviation and aerospace sectors.

The arrest comes amid numerous recent reports about an increase in cyber-enabled espionage involving China-backed actors. It suggests that little has changed in the three years since China signed an agreement with the US to refrain from backing such activity.

"This case is not an isolated incident," said John Demers, assistant attorney general for the US Department of Justice's National Security division, in a statement announcing the arrest. "It is part of an overall economic policy of developing China at American expense."

In charges announced Wednesday, the DoJ accused Yanjun Xu, an operative of China's Ministry of State Security (MSS), with economic espionage involving theft of trade secrets from GE Aviation and other leading US aviation companies.

The charges, filed in federal court in the Southern District of Ohio, allege that Yu and other unnamed conspirators working on behalf of the Chinese government systematically targeted companies inside and outside the US that are considered leaders in the aviation industry.

The alleged activity started in December 2013 and continued through April of this year, when Yu was arrested in Belgium after he traveled there to meet with an engineer from GE Aviation. Yu has since been extradited to the US, where he faces up to 15 years in federal prison if convicted on the espionage charges.

Court papers related to the case describe Yu as the deputy division director with the MSS's Jiangsu State Security Department. One of Yu's responsibilities in that role was to obtain technical information, including trade secrets from aviation and aerospace companies around the world.

In carrying out that mission, Yu would often use aliases and represent himself as being associated with the Jiangsu Science & Technology Promotion Association (JAST). He would target expert engineers at aviation companies and recruit them to travel to China to ostensibly deliver university presentations on aviation technology-related topics.

Going After GE Aviation's Material Design Technology
One of the engineers Yu targeted worked at GE Aviation. Yu contacted the individual in March 2017 and invited the engineer to deliver a presentation at China's leading Nanjing University of Aeronautics and Astronautics (NUAA). In discussing what to present, Yu instructed the engineer to give a report on certain key GE Aviation engine structure design analysis and manufacturing technology.

On one occasion, the engineer travelled to China and gave a presentation at NUAA, for which the engineer was later reimbursed $3,500 for travel and other expenses.

In subsequent communications with the same engineer, Yu tried to extract much more detailed information, including some highly proprietary information on the composite materials used in GE Aviation's fan blades and fan blade encasements. GE Aviation is the only company using the technology, which it spent billions of dollars in developing, the court papers said.

Though the engineer explicitly informed Yu that the information he was seeking involved commercial secrets, Yu persisted in asking for the information. He instructed the engineer on how to send him a copy of the file directory on the engineer's GE-issued computer. The engineer followed Yu's instructions for sorting and saving the file directory, resulting in a complete menu of all the files on the engineer's system. The engineer then sent the file to Yu, as instructed, but it was heavily edited to remove all sensitive information – and with GE Aviation's knowledge and approval.

The court documents also show that Yu targeted at least two other unnamed US aviation companies. The information he sought to obtain from these companies included materials related to electric landing gear and electric jet braking and data pertaining to a technology for aerial refueling of military aircraft.

Yu's arrest is sure to focus attention once again on China's state-backed espionage activity, an issue that the US government has previously raised at the highest levels. Yu is, in fact, the second Chinese citizen to be recently arrested. In September, law enforcement in Chicago arrested Ji Chaoqun on charges related to a conspiracy to steal information by recruiting Chinese nationals working as engineers and scientists for US firms, including military contractors.

In 2015, former President Barack Obama and Chinese counterpart Xi Jinping signed a much touted cyber agreement aimed at reducing some of the mounting tensions over the issue. The agreement calls for appropriate norms for state behavior in cyberspace and for both sides to refrain from knowingly supporting or conducting cyber-enabled theft of intellectual property.

The agreement came months after Obama issued an executive order that gave the US Treasury Department the authority to freeze all US-based property and assets of persons and entities that engage in cyber espionage on behalf of another country.

Three years later, little has changed. A recent report from CrowdStrike showed a sharp uptick in targeted intrusion attempts by China-backed actors against US companies in industries including defense, biotech, and pharmaceuticals. China-based entities, in fact, were behind 40 of the 70 or so targeted intrusions in the first half of this year that CrowdStrike was able to attribute.

"China is back as the most prolific nation-state actor conducting industrial espionage via cyber and non-cyber means," said Dmitri Alperovitch, co-founder and CTO of CrowdStrike, in a statement. "We believe China poses a long-term and strategic threat to the global economy, and today's arrest of a senior MSS officer responsible for industrial espionage is an important deterrence tool."  

Related Content:


Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
10/17/2018 | 10:21:06 PM
Espionage the old fashioned way
Well, in an era when everyone is working to defend against electronic intrusion into private networks to steal intellectual property, a Chinese military intelligence officer was apprehended in Belgium and extradited to the US to face charges for conducting old-school espionage. To do this means finding someone who works in an industry where you want to steal a company's intellectual property for your own commercial purposes. Groom them by inviting them to conferences in China to deliver technical presentations and meet with Chinese engineers, etc. Stay in touch with them and begin asking more pointed questions about how certain designs or processes you are interested in and see if they will eventually tell you or give you what you want to know. I think back in the day it was called "social engineering" and it doesn't look like it has gone completely out of style.

When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
PUBLISHED: 2021-01-15
Docker Desktop Community before on macOS mishandles certificate checking, leading to local privilege escalation.
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...