Cyber Incident Victim: Moody's Analytics
Date:
Nov 2017
Location:
United States of America
Summary
Three Chinese nationals employed by China-based cybersecurity firm Boyusec conducted a multi-year cyber espionage campaign targeting corporations in the financial, engineering, and technology sectors, including Moodys Analytics. The hackers maintained unauthorized access to corporate networks, stealing sensitive internal documents, communications, and trade secrets while employing identity theft against employees. Their activities, aimed at commercial advantage, involved coordinated computer intrusions that compromised proprietary business information. The U.S. Department of Justice prosecuted the case, charging the individuals with conspiracy, computer hacking, theft of trade secrets, and identity theft following an extensive investigation into the breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |
Description
On November 27, 2017, the U.S. Department of Justice unsealed an indictment charging three Chinese nationals—Wu Yingzhuo, Dong Hao, and Xia Lei—with conducting cyber intrusions targeting three multinational corporations between 2011 and May 2017. The defendants, all residents of China, were employed by Guangzhou Bo Yu Information Technology Company Limited (Boyusec), a firm purportedly operating in China’s internet security sector. The indictment alleged the hackers conspired to infiltrate victim organizations in the financial, engineering, and technology industries, with Moody’s Analytics identified among the affected entities in subsequent reporting. Their operations involved maintaining unauthorized access to corporate networks to systematically steal sensitive internal documents, proprietary communications, and trade secrets. The group used compromised credentials and identity theft techniques to target employees across U.S. and international offices of the victim companies.
The hacking campaign spanned nearly six years before being disrupted through investigative actions culminating in the 2017 charges. Prosecutors accused the defendants of exfiltrating confidential business information for commercial advantage, though specific technical methods or data volumes were not disclosed in the indictment. Legal proceedings were led by the U.S. Attorney’s Office for the Western District of Pennsylvania and the National Security Division’s Counterintelligence and Export Control Section, with Assistant U.S. Attorney James T. Kitchen and Department of Justice attorneys Jessica Romero and Jennifer Kennedy Gellie managing the prosecution. The case highlighted persistent threats to corporate intellectual property from state-affiliated cyber actors, though the indictment did not formally attribute the attacks to Chinese government entities. Moody’s Analytics and the other victim corporations cooperated with law enforcement during the investigation, which resulted in formal charges but no public reports of operational disruptions or financial losses directly tied to the breaches. The judicial process remained ongoing as of the latest available case updates.