Cyber Incident Victim: Goddard Space Flight Center
Date: Jan 2006
Location: China
Summary
Chinese state-sponsored hackers associated with the APT10 group infiltrated a U.S. space research center and numerous technology firms through sustained cyber espionage campaigns. Operating under China's Ministry of State Security, the attackers compromised managed service providers to access sensitive networks, stealing intellectual property and confidential data across critical sectors including satellite technology, aviation, healthcare, and energy. The breach at the NASA facility formed part of broader operations targeting over 45 companies and government agencies, resulting in the theft of hundreds of gigabytes of proprietary information spanning industrial automation, telecommunications, and biotechnology over more than a decade.
Description
The indictment unsealed on December 20, 2018, charged Chinese nationals Zhu Hua and Zhang Shilong with conspiracy to commit computer intrusions, wire fraud, and aggravated identity theft as members of the Advanced Persistent Threat 10 (APT10) hacking group. Operating from at least 2006 through 2018 in association with the Tianjin State Security Bureau of China’s Ministry of State Security, the defendants conducted coordinated cyber intrusion campaigns targeting intellectual property and confidential business data across multiple continents. Their operations involved registering IT infrastructure to facilitate unauthorized access to victim networks, with two primary campaigns identified: the Managed Service Provider (MSP) Theft Campaign beginning around 2014 and the Technology Theft Campaign initiated as early as 2006. The MSP campaign compromised providers managing IT infrastructure for global businesses and governments, then used the providers' networks to move laterally into client systems and exfiltrate sensitive data. Concurrently, the Technology Theft Campaign breached over 45 technology companies across at least twelve U.S. states and multiple U.S. government agencies, extracting hundreds of gigabytes of proprietary information.

Victimized entities spanned aviation, satellite and maritime technology, industrial automation, telecommunications, healthcare, biotechnology, and oil and gas exploration sectors. The group utilized aliases including "Red Apollo," "Stone Panda," and "POTASSIUM," with Zhu and Zhang operating through Huaying Haitai, a front company in Tianjin. Intrusions targeted sensitive research and development data, including computer processor designs, satellite systems, and pharmaceutical manufacturing processes. U.S. authorities documented thefts from entities involved in space technology and satellite operations, though specific agency names beyond the broad "U.S. government agencies" designation were not disclosed in the indictment. The Justice Department’s charges outlined a decade-long pattern of economic espionage benefiting Chinese state interests, culminating in the 2018 indictment following collaborative investigations by the FBI and international law enforcement partners. No operational disruptions or containment measures at victim organizations were detailed in the unsealed court documents.
