Cyber Threat Actor: Su Bin
| Actor Type | Location | Known Incidents |
|---|---|---|
| Spy | China | 2 incidents |
Profile
Su Bin, also known as Stephen Su, is a Chinese businessman and aerospace executive who has been publicly identified in connection with cyber intrusions against United States defense contractors. He holds an executive position at a Chinese aerospace company that maintains offices in Canada. His aliases appear in law enforcement announcements and media reports detailing the case. The Royal Canadian Mounted Police, acting in cooperation with the Federal Bureau of Investigation, arrested him in British Columbia in June 2014. The arrest followed an investigation that linked him to a series of unauthorized accesses to corporate networks beginning in 2009.
The intrusions targeted major aerospace and defense firms, specifically Boeing, Lockheed Martin and other cleared defense contractors, with the goal of obtaining sensitive military aircraft data. According to the United States Department of Justice, the stolen information included details on the F-22 and F-35 fighter programs as well as the C-17 cargo plane initiative. Su Bin’s role was to assist unidentified co-conspirators based in China in determining what data to extract from the compromised systems. The operation was conducted via remote access from China to the victims’ computer networks, a method described in the indictment as gaining remote access to information residing on US company systems. No specific malware families or exploit tools are mentioned in the publicly available sources. The operation was described by Su Bin himself in an email where he stated that the acquired data would allow Chinese aircraft designers to “stand easily on the giant’s shoulders” and to rapidly catch up with United States defense technology levels.
The alleged activity spanned from 2009 to 2013, during which the group reportedly collected and transferred proprietary aerospace information to benefit Chinese aviation development. The indictment characterizes the conduct as a conspiracy to hack major US defense contractors for the purpose of advancing Chinese military and civilian aircraft capabilities. Following his arrest in Canada, Su Bin faced extradition proceedings to the United States where he was charged with conspiracy to commit unauthorized access to protected computers and theft of trade secrets. The case highlights the use of individuals with aerospace industry expertise to facilitate cyber espionage against strategic sectors. He ultimately entered a guilty plea, resulting in a sentence that reflected the severity of the economic espionage involved. This case remains one of the few publicly documented instances where a Chinese aerospace executive was directly linked to the theft of classified defense contractor data through cyber means.
