Menu
Browse

Cyber Threat Actor: Xia Lei

Actor Type Location Known Incidents
 Icon
Spy
China
3 incidents
Profile

The threat actor known bythe alias Xia Lei is a Chinese national who was employed by the China‑based cybersecurity firm Boyusec. Together with two compatriots, he participated in a series of computer intrusions that were investigated and prosecuted by the United States Department of Justice. The individuals were charged with conspiracy, computer hacking, theft of trade secrets, and identity theft. Their affiliation with Boyusec placed them within a private security company that ostensibly provides defensive services while they conducted offensive operations. The actor’s location is consistently identified as China in the public record.

The intrusions primarily targeted corporations operating in the financial, engineering, and technology sectors. Victims cited in the indictments include Moodys Analytics, Siemens, and Trimble Inc., all of which suffered unauthorized access to their internal networks. The actors sought to obtain sensitive internal documents, communications, and trade secrets that could provide a commercial advantage to the sponsors of the operation. While the geographic scope of the targeting is not exhaustively listed, the publicly disclosed cases involve companies with substantial presence in the United States. The strategic objective, as stated in the charges, was to acquire proprietary business information for economic gain rather than to cause disruption or destruction.

The tactics described in the case files revolve around identity theft against employees, which facilitated the establishment of footholds within victim networks. Once inside, the actors maintained prolonged unauthorized access through continued computer hacking and the exploitation of legitimate credentials. No specific malware families or custom tooling are mentioned in the available sources; the emphasis is on the use of stolen identities and direct intrusion techniques. The campaigns against Moodys Analytics, Siemens, and Trimble Inc. are presented as representative examples of the multi‑year espionage effort that resulted in the theft of trade secrets and confidential communications. The legal outcome underscored the prosecution’s assertion that the activity was conducted for commercial advantage and violated both the Computer Fraud and Abuse Act and economic espionage statutes.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
0 sources