Siemens, Trimble, Moody's breached by Chinese hackers,
Send a link to a friend
[November 28, 2017]
By Nick Keppler, Karen Freifeld and John Walcott
PITTSBURGH, Pa./NEW YORK/WASHINGTON
(Reuters) - U.S. prosecutors have charged three Chinese nationals
affiliated with a cyber security company in China with hacking into
Siemens AG, Trimble Inc and Moody's Analytics to steal business secrets.
An indictment unsealed on Monday in federal court in Pittsburgh,
Pennsylvania, charged the three with launching "coordinated and
unauthorized" cyber attacks between 2011 and 2017.
The defendants were identified as Wu Yingzhuo, Dong Hao and Xia Lei. The
indictment said they were owners, employees and associates of Guangzhou
Bo Yu Information Technology Company Ltd, a firm located in Guangzhou,
in southern China, that offers cyber security services.
Two U.S. government officials told Reuters that Guangzhou Bo Yu, also
known as Boyusec, is affiliated with China's People's Liberation Army
Unit 61398, and that most if not all its hacking operations are
state-sponsored and directed.
Chinese foreign ministry spokesman Geng Shuang told a regular press
briefing on Tuesday that he was unclear on the details of the case but
added that China opposes hacking and wants to work with other countries
to ensure global security.
"China firmly opposes and responds in accordance with the law to all
forms of cyber attacks," Geng said.
U.S. prosecutors in Pittsburgh in May 2014 indicted five officers from
the secretive unit 61398 with hacking into U.S. nuclear, metal and solar
firms to steal trade secrets. The indictments prompted warnings from
Beijing that it would retaliate if Washington followed through with the
The acting U.S. attorney for Western Pennsylvania, Soo C. Song, said
arrest warrants had been issued for the three men, but the case was not
being prosecuted as state-sponsored hacking.
"It is not an element or subject of this indictment that there is state
sponsorship," Song said. However, the Justice Department's National
Security Division participated in the case, according to the indictment.
The hackers monitored email correspondence of an unidentified Moody's
economist; stole data from transportation, technology and energy units
at Siemens; and targeted Trimble as it developed a new and more precise
global navigation satellite system, the indictment said.
Siemens, based in Munich, Germany, is a technology company with
interests in electrification, automation and digitalization. Trimble,
based in Sunnyvale, California, provides technology for a range of
Moody's Analytics, part of New York-based Moody's Corp, provides
products and services for financial analysis and risk management.
Trimble’s advances in geolocation and Siemens’ work in guidance and
navigation are of interest to the Chinese for internal security and
military purposes, as well as commercial, ones, according to one of the
officials, who declined to be named because some details of the case
[to top of second column]
The headquarters of Siemens AG is seen before the company's annual
news conference in Munich, Germany, November 9, 2017.
REUTERS/Michael Dalder/File Photo
"Gleaning precise locations from mobile phones and other devices is
valuable to the Ministry of State Security for monitoring dissidents as
well as foreigners," the official said. "Overseas, it can be valuable to
keep track of where your own people are going, as well as keeping track
of foreigners’ movements, whether they're government or commercial."
The official said that data collected by Moody’s could be used to help
identify businesses and people that might be vulnerable to commercial or
government exploitation, blackmail or bribery.
Representatives for the three defendants and the Chinese company could
not immediately be identified to seek comment on the charges.
The company's website was down on Tuesday. An archived copy of the site
from 2016 listed Chinese telecommunications and technology company
Huawei as a partner.
A Huawei spokesman said the indictment had nothing to do with the
Shenzhen-based company. "The issue has no relation to Huawei," the
The indictment was filed in September, and the Chinese government has
been aware of it, prosecutors said.
In 2015, then-U.S. President Barack Obama and Chinese President Xi
Jinping reached an agreement prohibiting both countries from stealing
intellectual property for the benefit of domestic firms. The U.S.
officials said classified intelligence indicates that Chinese hackers
recently have begun violating the deal more frequently.
The hacking group described in the indictment has been active since
2007, said Adam Meyers, a researcher with cyber firm CrowdStrike.
The group, known to some cyber researchers as "Gothic Panda," was active
as of September, Meyers said. It has targeted aerospace and defense,
chemical, energy, financial, healthcare, industrial and transportation
firms in Britain, France, Hong Kong, the United States and other western
nations, he said.
Trimble said no client data was breached in the hack.
"Trimble responded to the incident and concluded that there is no
meaningful impact on its business," the company said in a statement.
A Siemens representative declined comment on the details of the hack,
saying the company does not discuss "internal security matters."
A Moody's spokesman said the firm worked closely with investigators, and
"to our knowledge, no confidential customer data or other personal
employee information was compromised."
(Reporting Nick Keppler in Pittsburgh and Karen Freifeld in New York;
Additional reporting by David Alexander in Washington, Georgina Prodhan
in London, Christian Shepherd in Beijing and Jeremy Wagstaff in
Singapore; Writing by Jim Finkle in Toronto; editing by Grant McCool and
[© 2017 Thomson Reuters. All rights
Copyright 2017 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.