Researchers at the Cybersecurity and Infrastructure Security Agency (CISA) have uncovered suspected Russian hackers in a U.S. satellite network. The attack was carried out by the notorious Russian military group Fancy Bear or APT28, on a satellite communications provider with customers in U.S. critical infrastructure sectors. The incident was discovered earlier this year after CISA received a tip about suspicious network activity. The discovery has raised concerns about Moscow’s intentions to infiltrate and disrupt the rapidly expanding space economy. This article explores the details of the attack, the vulnerabilities of satellite systems, and the efforts being made to improve security.
The Threat Posed by Fancy Bear
Fancy Bear, also known as APT28, is a Russian military hacking group that has been linked to a wide range of cyberattacks over the years. The group is believed to be responsible for the 2016 hack of the Democratic National Committee and the 2018 cyberattack on the Winter Olympics. The group is also known for its sophisticated tactics, including the use of zero-day exploits and spear-phishing attacks.
In the recent attack on the U.S. satellite network, Fancy Bear exploited a 2018 vulnerability found in an unpatched virtual private network (VPN). This gave the hackers access to all the credentials with active sessions, allowing them to move around the system more easily. The targeted satellite communications provider also used the same credentials for “emergency” accounts as ordinary ones, making it easier for the hackers to infiltrate the system.
Vulnerabilities of Satellite Systems
Satellite systems are a critical component of modern communication infrastructure, and they are used for everything from GPS navigation to military communication. However, as the recent attack on the U.S. satellite network demonstrates, satellite systems are vulnerable to cyberattacks.
One of the biggest vulnerabilities of satellite systems is the lack of standards in the industry. This means that there is no consistent approach to security, leaving many systems vulnerable to attack. In addition, the rapid increase in entrants to the market means that many companies may not be placing sufficient focus on security, particularly as they aim for high-paced manufacturing while keeping costs low by relying on commercial parts.
Efforts to Improve Space Security
Efforts are being made to improve space security and create technical cybersecurity standards for space technology at the Institute of Electrical and Electronics Engineers and the International Organization for Standardization. However, these initiatives will take years to develop.
CISA has argued in the past that space technology should be designated critical infrastructure, which would give the industry greater access to intelligence sharing mechanisms and disaster planning resources. However, this idea has not gained much momentum.
The recent attack by Fancy Bear on the U.S. satellite network highlights the vulnerability of satellite systems and the need for greater security measures. With the growing importance of space technology in critical infrastructure and military communication, it is essential that the industry take steps to improve its security posture. This will require greater standards and consistency in security practices, as well as a more concerted effort to designate space technology as critical infrastructure.