A Chinese national is accused of spending years impersonating American engineers to trick NASA employees, military researchers, and university scientists into handing over restricted defense software. Separately, a NASA contractor’s employee has admitted to smuggling U.S. Army helicopter software to a Chinese university with deep ties to Beijing’s military establishment. As of May 2026, one defendant remains on the FBI’s wanted list and the other awaits sentencing, and together the cases have exposed alarming weaknesses in how the United States protects some of its most sensitive aerospace technology.
The phishing campaign that targeted NASA and the Pentagon
According to a federal indictment unsealed in September 2024 in the Northern District of Georgia, Song Wu, a Chinese national, ran a multi-year spear-phishing campaign designed to steal specialized, export-controlled software and source code from U.S. government agencies and their partners. Prosecutors say Wu created fake email accounts that mimicked real American engineers and researchers, then used those personas to request proprietary programs directly from targets at NASA, the U.S. Air Force, Navy, Army, the Federal Aviation Administration, major research universities, and private aerospace companies.
“This was not a one-off phishing email,” a senior DOJ official said at the time of the indictment. “It was a calculated, long-running campaign to obtain technology that is critical to our national defense.”
The NASA Office of Inspector General has confirmed that its own investigators helped uncover the scheme, describing it as a “long-running” operation in which victims were deceived into emailing export-controlled material to someone they believed was a colleague. The OIG’s account aligns with the DOJ’s indictment, though neither agency has disclosed which specific software programs, if any, Wu successfully obtained.
A federal arrest warrant has been issued, and Wu appears on the FBI’s cyber wanted list. He is believed to be outside the United States, and no public information suggests that foreign governments have been asked to assist with his detention or extradition. As of May 2026, the case remains open, with no trial date on the horizon.
The insider who smuggled Army helicopter software to Beijing
In a separate case out of the Northern District of California, a Castro Valley, California, resident identified in court filings as Soong pleaded guilty to charges of smuggling and unlicensed export of defense technology in violation of the International Emergency Economic Powers Act. Soong worked as a program administrator for the Universities Space Research Association, a NASA contractor, and admitted to illegally exporting U.S. Army rotorcraft flight-control software known as CIFER to Beihang University in Beijing. The charges carry a potential sentence of up to 20 years in federal prison.
CIFER is a specialized tool used to analyze and optimize helicopter flight-control systems. Beihang University, sometimes called the Beijing University of Aeronautics and Astronautics, is one of China’s so-called “Seven Sons of National Defense,” a group of universities with longstanding institutional ties to the People’s Liberation Army. The Commerce Department placed Beihang on its Entity List, meaning any transfer of controlled American technology to the school requires a specific federal license. No such license was ever obtained.
Prosecutors say Soong used a former Beihang professor as an intermediary to route the software around export restrictions between April 2017 and September 2020. The guilty plea confirmed that the transfers were willful, not accidental, and each unlicensed export constituted a separate violation under IEEPA.
USRA, Soong’s employer, self-reported the violations to federal authorities after discovering them internally. The Department of Justice credited the organization’s voluntary disclosure, cooperation with investigators, and remedial steps, and formally declined to prosecute USRA itself. That decision effectively separated the company’s liability from the criminal conduct of its employee. As of April 2026, Soong awaits sentencing, though the DOJ has not publicly announced a date.
What investigators still do not know
Both cases leave significant gaps in the public record. In the Song Wu matter, prosecutors have not revealed whether any of the phishing attempts actually succeeded in extracting usable software. The indictment describes the campaign in broad terms, referencing “specialized restricted or proprietary software and source code” without naming individual programs. Whether Wu operated alone or as part of a larger network has not been addressed in any public filing.
In the Soong case, the DOJ’s declination letter confirmed the illegal exports but did not detail what Beihang University intended to do with CIFER or whether the software was ever integrated into Chinese military programs. Beihang has not publicly responded to the allegations. Without that information, it is impossible to measure the downstream damage to U.S. national security.
Questions also linger about oversight failures at USRA. The unlicensed exports continued for more than three years before the organization caught them. The DOJ has praised USRA’s eventual cooperation, but the declination documents do not explain how repeated transfers to an Entity List institution went undetected for so long, or whether anyone beyond Soong was aware of the activity while it was happening.
A pattern of Chinese targeting of U.S. aerospace secrets
The Wu and Soong cases do not exist in isolation. U.S. counterintelligence officials have for years warned that China operates one of the most aggressive state-sponsored espionage programs in the world, with American aerospace and defense technology among its highest-priority targets. FBI Director Christopher Wray has repeatedly stated that the bureau opens a new China-related counterintelligence investigation roughly every 10 hours. The Department of Justice’s “China Initiative,” launched in 2018 and later rebranded as a broader “Strategy for Countering Nation-State Threats,” produced dozens of prosecutions involving alleged theft of trade secrets, export-control violations, and economic espionage linked to Chinese government entities or affiliated universities.
Against that backdrop, the Wu indictment and Soong guilty plea fit a well-documented pattern: Chinese nationals or U.S.-based insiders with ties to Chinese institutions exploiting gaps in export-control compliance and cybersecurity protocols to move restricted American technology overseas. The cases reinforce what federal prosecutors and national-security analysts have described as a dual-track threat, combining traditional insider recruitment with increasingly sophisticated cyber-enabled collection.
What defense contractors and researchers should watch for next
Federal enforcement agencies are increasingly treating insider-facilitated exports and social-engineering attacks as two faces of the same threat. The Soong case shows that an employee with legitimate access can quietly move restricted technology overseas for years before anyone notices. The Wu indictment illustrates how an external actor, armed with nothing more than a convincing email, can exploit the trust that holds professional research networks together.
For defense contractors, aerospace researchers, and universities that collaborate with international partners, the practical takeaways are concrete. The USRA outcome demonstrates that organizations can avoid corporate prosecution by detecting violations early, self-reporting, and taking genuine corrective action. But it also makes clear that individual employees who bypass export controls face serious criminal consequences, including federal prison time under IEEPA.
The Wu case, meanwhile, is a reminder that phishing campaigns targeting cleared professionals are not hypothetical. Verifying the identity behind unexpected software requests, flagging unusual communications to security teams, and coordinating quickly with law enforcement when something looks wrong are no longer optional best practices. They are front-line defenses in what U.S. authorities have made clear they view as a national-security priority: keeping American aerospace and defense technology out of unauthorized hands.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
