Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software
A Chinese national posed as a U.S. researcher, tricking NASA staff in a phishing campaign to steal sensitive data tied to defense software and exports. A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA employees into sharing sensitive information. The NASA Office of Inspector General (OIG) and federal […]
A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA employees into sharing sensitive information. The NASA Office of Inspector General (OIG) and federal partners discovered the scheme that also targeted government agencies, universities, and private firms.
U.S. export controls limit sharing sensitive technology, and NASA’s OIG enforces them to protect critical data and defense-related assets. Investigators uncovered a long-running phishing scheme in which Chinese national Song Wu impersonated a trusted aerospace professor to trick targets into sharing export-controlled software and source code. Between 2017 and 2021, he targeted dozens of victims across NASA, the U.S. military, government agencies, universities, and private firms.
Related breach coverage
- China-linked hackers led phishing campaigns targeting journalists and activists, researchers say2026-04-28
The aim of the campaigns was to steal credentials and likely enable “follow-on operations in the interest of the Chinese government,” the report said.
- Signal Phishing Campaign Targets German Officials in Suspected Russian Operation2026-04-28
Suspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies on deception rather than technical exploits. Recent investigations by German authorities point to a large-scale phishing campaign conducted via […]
- Italy extradites alleged Chinese state hacker to US2026-04-27
A Chinese national accused of being a member of a state-backed hacking group that allegedly broke into systems to steal COVID-19 vaccine information has been extradited to the U.S. from Milan.
- New Bluekit phishing service includes an AI assistant, 40 templates2026-04-30
A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. [...]