Coverage of the Dozor-Teleport Attack

On June 28-29, 2023, a series of messages on a Telegram channel claimed a large-scale cyber attack against Dozor-Teleport. Along with the claim messages, numerous files to download, an audio recording, and several screenshots were made available. The attacker(s) claimed affiliation with the Wagner Group without providing any additional evidence.

The information was first picked up on Twitter by pro-Ukrainian accounts. It quickly leaked to numerous cybersecurity news sites worldwide. Within 12 hours, major news outlets such as The Washington Post reported the information. Within 24 hours, the information was present on a range of media platforms.

During this dissemination, the information underwent a true game of “Chinese whispers.” The initial articles simply reproduced the information as it was published on Twitter or Telegram, barely mentioning that it was what the attackers claimed. Subsequently, various media outlets started amplifying the information. Headlines suggested that a Russian military hashtag#satellite network had been hacked before articles began appearing about hacked Russian military communication satellites.

In general, several issues continue to arise regarding the treatment of information about attacks in the space domain:

1️Once the word “satellite” is mentioned, the information suddenly gains interest in terms of cybersecurity. The reason is simple: the combination of space and cyber can quickly evoke fascination. The downside is that sensationalist headlines often multiply.

There is a clear lack of perspective regarding information related to cyberattacks. The need to be the first to publish information (which is understandable) leads to approximate or poorly verified information spreading rapidly.

The study and questioning of sources are rarely emphasized. Many press articles simply republish what has already been said without verifying the primary source of the information. As a result, basic information quickly becomes considered as true. For example, based on a given analysis on Twitter, it has been repeated by numerous media outlets that it was the first attack on a satellite provider since Viasat, which is false.

In the era of OSINT (Open-Source Intelligence), the amount of available information is considerable, but there is a lack of necessary reflection for understanding the information. Consequently, certain major cyberattacks that occurred over a year ago, such as the Viasat hashtag#attack, remain particularly vague in both their execution and impact.

#spacecybersecurity  #satellite  #cyber

“Your system has been officially WAN***”

Space security issues can be traced back to the 1980s. In 1989, several systems were hit by a computer virus called “WANK”.

Although suspicion initially focused on one or more French attackers, investigations soon established that the attack had originated from Australia. Some would go so far as to say that this attack was one of Julian Assange’s first moves. Assange had decided to attack NASA because the agency was planning to launch a nuclear-powered satellite, and many activists associated this with the danger of nuclear power (the 1986 Chernobyl disaster was still fresh in everyone’s minds). Assange then decided to attack NASA’s systems in order to delay the launch. There is still a great deal of doubt as to the origin of the attack.

The 1980s-1990s were a golden age for hacktivism, with the emergence of hacker culture. This period and the decades that followed quickly established NASA as a prime target. A space agency reflects the politics of its country, and indeed, space agencies in many countries are particularly targeted.

At CyberInflight, we continuously monitor the evolution of the threat and establish trends that feed into our business intelligence studies in the field of space cybersecurity.

For further information, please contact us at : research@cyberinflight.com

wank-pdf-1