Investigation into a phishing campaign targeting employees of NASA and other US organisations

The investigation published by NASA concerns a spear-phishing campaign carried out between 2017 and 2021, in which a Chinese national identified as Song Wu is alleged to have used false identities. According to official information, the fraudulent messages masqueraded as legitimate communications from researchers or the victims’ known contacts with the aim of building trust and gaining access to software, source code and other restricted technical information. 
According to details published by NASA’s Office of the Inspector General, some of the victims shared software or technical documentation believing they were collaborating with legitimate researchers, when in fact they were interacting with those behind the campaign. The investigation found that the attempts to obtain information affected NASA employees, members of other US government agencies, universities and private companies linked to the aerospace and defence industries. In response, NASA’s Office of the Inspector General collaborated with other federal agencies in investigating the case, which contributed to the US Department of Justice bringing charges against Song Wu.
The case is currently being dealt with by the courts and is under investigation by the US authorities. NASA has not publicly reported a breach of its systems or a technical incident that directly compromised its infrastructure, but has focused its communications on the investigation of a deception campaign targeting individuals linked to the organisation and other strategic sectors. The investigation led to the identification of the alleged perpetrator and supported the legal proceedings initiated by the Department of Justice.