NASA's Office of the Inspector General has uncovered a case of digital espionage in which a Chinese citizen, posing as an American researcher, executed a targeted phishing campaign. The goal was to steal sensitive information from the space agency, as well as from universities and private companies, violating export control laws for years.
Social engineering applied against defense systems 🛡️
The attack targeted engineers and scientists through emails with malicious links. NASA employees, deceived by the false identity, provided credentials without verification. U.S. defense software was the target, exploiting trust in academic and government networks. This method, though simple, managed to evade security controls for years until it was detected.
The art of being someone else: a manual for novice spies 🕵️
It seems modern espionage doesn't require movie gadgets, just a good fake profile and a convincing email. While NASA watched space, someone slipped into their inbox with the subtlety of an encyclopedia salesman. The most ironic part is that to steal defense secrets, it was enough to pose as a hallway colleague.