NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

Summary

The NASA Office of Inspector General revealed that Chinese national Song Wu, an engineer at state-owned Aviation Industry Corporation of China (AVIC), orchestrated a years-long spear-phishing campaign (2017–2021) impersonating U.S. researchers to steal sensitive aerospace and defense software from NASA, military agencies, universities, and private firms. Song was indicted in September 2024 on wire fraud and aggravated identity theft charges and remains at large on the FBI's Most Wanted List. The scheme succeeded in multiple cases where victims unknowingly violated U.S. export control laws by sharing proprietary modeling software used for advanced weapons and tactical missile development.

Full text

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software Ravie LakshmananApr 24, 2026Espionage / National Security, The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control laws. "For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers." The individual linked to the campaign was outed as Chinese national Song Wu in September 2024, when the U.S. Department of Justice (DoJ) announced charges against him for orchestrating a multi-year campaign that stretched from January 2017 to December 2021 and involved targeting dozens of U.S. professors, researchers, and engineers. Some of the victims of the campaign were employed at NASA, the Air Force, the Navy, the Army, and the Federal Aviation Administration, while the others worked at major universities and private sector firms. According to the 2024 indictment, Song was an engineer at the Aviation Industry Corporation of China (AVIC), a Chinese state-owned aerospace and defense conglomerate founded in 2008. In an attempt to obtain modeling software used for aerospace design and weapons development, Song and his co-conspirators are alleged to have conducted extensive research on their targets by masquerading as friends and colleagues to gain access to proprietary software and source code. The OIG said the scheme was successful in a handful of cases where victims shared the sensitive information with the imposter accounts managed by Song et al without realizing they were violating U.S. export control laws. Song has been indicted on counts of wire fraud and 14 counts of aggravated identity theft, and faces a maximum sentence of 20 years in prison for each count of wire fraud. He also faces a two-year consecutive sentence if convicted of aggravated identity theft. The 40-year-old remains at large. Adding Song to the U.S. Most Wanted List, the U.S. Federal Bureau of Investigation (FBI) said the specialized software could be used for industrial and military applications, including the development of advanced tactical missiles and aerodynamic design and assessment of weapons. "As phishing campaigns continue to become more sophisticated, there are common clues that can betray scammers and expose their export fraud schemes," the OIG said. "In Song's case, he made multiple requests for the same software and did not justify why he needed it." "Export control scammers also often suggest unusual payment methods (such as suspicious wire transfers); abruptly change the terms or source of payment; and use unconventional transfer methods to mask their identity and evade shipping restrictions." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  aerospace, cybersecurity, data protection, Espionage, identity theft, national security, Phishing, Wire Fraud Trending News 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials Why Security Leaders Are Layering Email Defense on Top of Secure Email Gateways Why Threat Intelligence Is the Missing Link in CTEM Prioritization and Validation The Hidden Security Risks of Shadow AI in Enterprises Your MTTD Looks Great. Your Post-Alert Gap Doesn't Popular Resources Discover Key AI Security Gaps CISOs Face in 2026 Fix Rising Application Security Risks Driven by AI Development Automate Alert Triage and Investigations Across Every Threat How to Identify Risky Browser Extensions in Your Organization

Entities