Cyber Threat Actor: Dong Hao
| Actor Type | Location | Known Incidents |
Spy
|
China
|
3 incidents |
|---|
Profile
Dong Hao is the known alias used by a group of three Chinese nationals who were employed by the China‑based cybersecurity firm Boyusec. The individuals operated from China and were identified by U.S. authorities as conducting prolonged cyber intrusions against private sector entities. Their activities were characterized as computer hacking, identity theft, conspiracy, and the theft of trade secrets, all carried out to obtain commercial advantage for themselves and their affiliated firm. The U.S. Department of Justice charged them with multiple offenses following an extensive investigation that uncovered a multi‑year campaign of unauthorized network access.
The actors primarily targeted corporations in the financial, engineering, and technology sectors, seeking to exfiltrate sensitive internal documents, communications, and proprietary business information. Victims included Moodys Analytics, Siemens, and Trimble Inc., among others, where the hackers maintained persistent access over several years to collect trade secrets and employee data. Their strategic objective was clearly articulated in the indictments as gaining a commercial edge through the illicit acquisition of confidential corporate information, rather than disruption or pure financial gain. The intrusions involved the use of identity theft techniques to compromise employee credentials and facilitate deeper penetration of victim networks.
Attribution links the threat actor directly to Boyusec, a cybersecurity company headquartered in China, and to the three Chinese nationals who carried out the operations. No explicit connection to a state sponsor or broader criminal consortium is presented in the publicly available sources; the affiliation is limited to their employment at Boyusec and their Chinese nationality. The case was prosecuted in the United States, highlighting the cross‑border nature of the activity and the legal response to the theft of trade secrets and related computer crimes. The publicly reported operations serve as representative examples of the actor’s methodology, illustrating sustained espionage‑style intrusions aimed at corporate intellectual property.
