Cyber Incident Victim: Trimble Inc.
Date:
Jan 2011
Location:
United States of America
Summary
Three Chinese nationals affiliated with the cybersecurity firm Boyusec were charged with hacking into a technology corporation, Trimble Inc., along with other entities in the financial and engineering sectors, to steal sensitive internal documents and communications. The defendants conspired to maintain unauthorized access to corporate systems, compromising trade secrets and engaging in identity theft targeting employees. U.S. authorities prosecuted the case, alleging the hackers operated for commercial advantage over an extended period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 4 actors | Available to members | Available to members |
Description
The U.S. Department of Justice unsealed an indictment on November 27, 2017, charging three Chinese nationals—Wu Yingzhuo, Dong Hao, and Xia Lei—with conspiracy to commit computer hacking, theft of trade secrets, and identity theft targeting three corporations in the financial, engineering, and technology sectors. The defendants, employed by Guangzhou Bo Yu Information Technology Company Limited (Boyusec), a China-based internet security firm, engaged in unauthorized intrusions between 2011 and May 2017. Their activities involved compromising computers belonging to U.S. and foreign employees of the victim companies, including Trimble Inc., to steal sensitive internal documents and communications. The hackers maintained persistent access to corporate networks, systematically extracting proprietary information intended for commercial advantage. The indictment did not specify the exact technical methods of intrusion but characterized the campaign as a coordinated effort to exploit corporate systems over a six-year period. Targeted data included confidential business communications and trade secrets, indicating an objective to benefit economically from stolen intellectual property. The prolonged duration of the attacks suggests the actors operated with significant operational security to evade detection.
The U.S. government attributed economic harm to the victim corporations through the loss of proprietary information, though the indictment did not quantify specific financial damages. Legal proceedings were initiated in the Western District of Pennsylvania, with Assistant U.S. Attorney James T. Kitchen leading the prosecution alongside National Security Division attorneys Jessica Romero and Jennifer Kennedy Gellie. The charges underscored the involvement of state-affiliated actors, as Boyusec’s purported status as an internet security firm contrasted with its alleged role in facilitating industrial espionage. No technical mitigation measures or victim remediation efforts were detailed in the unsealed court documents. The case remained pending as of the latest update on February 5, 2025, with no public resolution disclosed. The indictment highlighted the transnational nature of the threat, emphasizing legal and diplomatic challenges in prosecuting foreign nationals residing in China.