A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA staff into sharing sensitive information, with the NASA Office of Inspector General and federal partners uncovering the scheme that also targeted government agencies, universities, and private firms.
Investigators say Song Wu impersonated a trusted aerospace professor to obtain export-controlled software and source code used for aerospace engineering and computational fluid dynamics, allegedly to access software that could be used for industrial and military applications such as missile development and weapons design. Between 2017 and 2021, he targeted dozens of victims across NASA, the U.S. military, government agencies, universities, and private firms.
According to DoJ press release published by DoJ in 2024, Song allegedly engaged in a multi-year spear-phishing campaign and faced charges including wire fraud and aggravated identity theft, with up to 20 years per fraud count plus a two-year sentence for identity theft; he remains at large and there is a federal warrant for his arrest. In September 2024, he was indicted on 14 counts of wire fraud and 14 counts of aggravated identity theft following a joint NASA OIG and FBI investigation.