Menu
Browse

Cyber Threat Actor: Lu Wei

Actor Type Location Known Incidents
 Icon
Nation State
China
1 incident
Profile

The threat actor known by the alias Lu Wei is associated with operations originating from China. This alias appears in public reporting linking the actor to a specific cyber incident in early 2015. No additional aliases or detailed biographical information about Lu Wei are provided in the source material. The actor’s location is explicitly noted as China, based on the contextual details of the attributed attack. The limited public record restricts the actor profile to the information available from the cited incident.

The incident dated 2015-01-19 involved a man-in-the-middle attack targeting Microsoft Outlook’s IMAP and SMTP services within China. Users were presented with a deceptive pop‑up warning that, if clicked, could expose their email contents, contacts, and passwords. The attack persisted for approximately one day and was part of a broader pattern of similar intrusions against other foreign email providers operating in the country. The timing of the intrusion coincided with heightened censorship efforts aimed at directing users toward government‑monitored local communication services. The method relied on fraudulent certificate warnings rather than malware, indicating a manipulation of trust mechanisms as the primary tooling approach. No specific malware families, exploit kits, or custom tooling are referenced in the available reporting for this actor.

Attribution of the activity to Chinese authorities was made publicly by the watchdog organization Greatfire, which alleged involvement or complicity of state entities. This attribution represents the only explicit link between the Lu Wei alias and a state‑nexfaced actor in the source material. Microsoft acknowledged that the impact on customers was limited and advised users encountering certificate warnings to contact their internet service providers. Critics of the incident urged skepticism toward certificate authorities linked to China, highlighting concerns about trust in the broader ecosystem. The 2015 Outlook MITM case stands as the sole publicly reported operation that can be confidently associated with Lu Wei based on the evidence presented. Consequently, the profile remains confined to the facts of this single incident, with no further campaigns, sectors, or technical details disclosed in the source.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources