International espionage isn’t always about sophisticated malware and zero-day bugs. Sometimes it’s as simple as pretending to be someone else asking for a favor.
For four years, a Chinese aerospace engineer did just that. Dozens of researchers at NASA, the US military, and major universities handed him exactly what he asked for, and possibly violated US laws in the process.
His name is Song Wu. He’s been on the FBI’s wanted list since September 2024, charged with 14 counts of wire fraud and 14 counts of aggravated identity theft, and he’s still at large.
Wu’s day job was as an engineer at the Aviation Industry Corporation of China (AVIC), a Beijing-headquartered state-owned aerospace and defense conglomerate with over 400,000 employees. The US has AVIC and several subsidiaries on a sanctions list.
His side hustle was simpler. From January 2017 through December 2021, Wu set up email accounts impersonating real US researchers and engineers, then emailed their colleagues asking for source code and proprietary software. He targeted employees at NASA, the Air Force, Navy, Army, and FAA, and faculty at universities across the US.
When software is a weapon
The applications Wu was after handle aerospace engineering and computational fluid dynamics. It’s the kind of intellectual property that helps develop advanced tactical missiles and evaluate weapons performance, and it sits squarely inside US export controls, according to NASA’s Office of the Inspector General. Sharing it with the wrong person, even by accident, is a federal problem.
Some victims did transmit the requested code. They were, in the OIG’s careful phrasing, “unwittingly” violating export control law.
How a four-year campaign finally broke
It wasn’t a firewall that caught Wu. It was a tip.
NASA’s Cyber Crimes Division got a report that someone had set up a Gmail account claiming to be an established aerospace professor who frequently collaborated with NASA. From that single thread, investigators unwound a campaign that had quietly targeted dozens of researchers across the federal government and academia.
The OIG also noted the giveaways: Wu asked for the same software multiple times and never explained why he needed it. Those are tells that anyone could have spotted on a slow afternoon if they’d been looking.
Hellbound and Down 