Menu
Browse

Cyber Threat Actor: Wu Yingzhuo

Actor Type Location Known Incidents
 Icon
Spy
China
3 incidents
Profile

Wu Yingzhuo is an aliasused by one of three Chinese nationals who were employed by the China‑based cybersecurity firm Boyusec and later charged by U.S. authorities for conducting a prolonged cyber espionage campaign. The individuals operated from China and were accused of conspiring to gain unauthorized access to the networks of multiple corporations in the financial, engineering and technology sectors. Their primary objective, as stated in the indictments, was to obtain a commercial advantage by stealing proprietary business information, internal documents, communications and trade secrets while also engaging in identity theft against employees of the victim organizations. The activity spanned several years and involved maintaining persistent footholds within compromised environments to facilitate the exfiltration of sensitive data.

The hackers relied on conventional computer intrusion techniques rather than custom malware, using stolen credentials and identity theft to masquerade as legitimate users and to move laterally inside victim networks. By assuming the identities of employees they were able to bypass authentication controls and maintain long‑term access without raising immediate alarms, which allowed them to harvest confidential files, internal correspondence and strategic planning documents. The indictments describe the conduct as a conspiracy to commit computer hacking, theft of trade secrets and identity theft, highlighting that the actors coordinated their efforts across multiple targets to maximize the volume of expropriated information. Publicly reported cases illustrate the scope of the activity, including intrusions at Moodys Analytics where financial data and analytical models were targeted, at Siemens where engineering designs and project details were sought, and at Trimble Inc. where technology‑focused intellectual property was taken, alongside similar incursions into other firms operating in the financial, engineering and technology arenas. Although the individuals are identified as Chinese nationals working for a cybersecurity company based in China, the publicly available charges do not assert a direct sponsorship or directive from any state entity, and the attribution remains limited to their personal affiliation with Boyusec and their national origin. The cases demonstrate how individuals with legitimate security expertise can repurpose their skills for illicit gain, resulting in significant economic harm to the victim companies through the loss of competitive advantage and the exposure of sensitive internal communications.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
0 sources