Cyber Incident Victim: Siemens Energy
Date:
Jan 2011
Location:
China
Summary
Three Chinese nationals affiliated with the China-based cybersecurity firm Boyusec were charged by U.S. authorities for conducting cyber intrusions targeting multiple corporations, including Siemens, to steal sensitive internal documents, communications, and trade secrets. The hackers maintained unauthorized access to victim networks over several years, employing tactics such as computer hacking, identity theft, and conspiracy to compromise employees and systems across the financial, engineering, and technology sectors. Their activities aimed at securing commercial advantage through the theft of proprietary business information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |
Description
Between 2011 and May 2017, three Chinese nationals employed by Guangzhou Bo Yu Information Technology Company Limited (Boyusec)—Wu Yingzhuo, Dong Hao, and Xia Lei—engaged in a sustained cyber intrusion campaign targeting three multinational corporations, including Siemens, operating in the financial, engineering, and technology sectors. The U.S. Department of Justice indictment alleges the defendants conspired to compromise corporate networks, maintain unauthorized access, and systematically steal sensitive internal documents, communications, and trade secrets. These intrusions specifically targeted U.S. and foreign employees and computer systems belonging to the victim companies. The hackers employed techniques including computer hacking and identity theft to facilitate their operations, though the indictment does not specify the exact initial access vectors or malware used against Siemens. The campaign persisted undetected for nearly six years, indicating a high degree of operational security and persistence by the threat actors.
The theft of proprietary information and trade secrets from Siemens and the other corporations was conducted for commercial advantage, according to U.S. authorities. While the precise technical scope of the Siemens compromise—such as specific systems accessed or volume of data exfiltrated—was not detailed in the unsealed indictment, the prolonged duration of access suggests significant opportunities for intellectual property theft. The U.S. government publicly disclosed the charges in November 2017, unsealing the indictment and identifying Boyusec’s alleged role in the corporate espionage. Assistant U.S. Attorney James T. Kitchen of the Western District of Pennsylvania, along with National Security Division attorneys Jessica Romero and Jennifer Kennedy Gellie, led the prosecution. The legal action highlighted the transnational nature of the threat, though no information was provided regarding Siemens’ internal detection mechanisms, incident response actions, or specific containment measures taken during or after the breach. The case underscored the persistent risks posed by state-affiliated or state-tolerated cyber espionage groups targeting industrial technology sectors.