The hackers used a combination of phishing schemes, malware, and domain hijacking, and turned the company's own website into a "watering hole," stealing visitor information and infiltrating visitors' computers. The malware installed at the French company's Suzhou office was Sakula, which was also used in the Anthem, OPM, and other attacks. The nickname of another hacker, Gao "mer4en7y" Hong Kun, has been linked to Winnti, a Chinese state-sponsored group known for IP theft operations, according to a 2013 report by Kaspersky.
The two Jiangsu Province Ministry of State Security (JSSD) officers are Tian Xi and Gu Gen. They allegedly worked together with six hackers and two insiders at the unnamed French aerospace manufacturer's office in Suzhou, Jiangsu, China. As noted by Reuters, considering that Safran SA is France's only turbofan engine maker and has been working with General Electric, it's likely that these are the two companies affected. The companies have been working on LEAP, a new engine used to power the largest type of airbuses. In the report, only Los Angeles-based Capstone Turbine was mentioned by name.
"State-sponsored hacking is a direct threat to our national security," said U.S. Attorney Adam Braverman. "The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products."
On October 10th, the Justice Department announced that JSSD officers had been extradited to the Southern District of Ohio on charges of stealing trade secrets. None of the suspects are in US custody.