Coverage of the Dozor-Teleport Attack

On June 28-29, 2023, a series of messages on a Telegram channel claimed a large-scale cyber attack against Dozor-Teleport. Along with the claim messages, numerous files to download, an audio recording, and several screenshots were made available. The attacker(s) claimed affiliation with the Wagner Group without providing any additional evidence.

The information was first picked up on Twitter by pro-Ukrainian accounts. It quickly leaked to numerous cybersecurity news sites worldwide. Within 12 hours, major news outlets such as The Washington Post reported the information. Within 24 hours, the information was present on a range of media platforms.

During this dissemination, the information underwent a true game of “Chinese whispers.” The initial articles simply reproduced the information as it was published on Twitter or Telegram, barely mentioning that it was what the attackers claimed. Subsequently, various media outlets started amplifying the information. Headlines suggested that a Russian military satellite network had been hacked before articles began appearing about hacked Russian military communication satellites.

In general, several issues continue to arise regarding the treatment of information about attacks in the space domain:

Once the word “satellite” is mentioned, the information suddenly gains interest in terms of cybersecurity. The reason is simple: the combination of space and cyber can quickly evoke fascination. The downside is that sensationalist headlines often multiply.

There is a clear lack of perspective regarding information related to cyberattacks. The need to be the first to publish information (which is understandable) leads to approximate or poorly verified information spreading rapidly.

The study and questioning of sources are rarely emphasized. Many press articles simply republish what has already been said without verifying the primary source of the information. As a result, basic information quickly comes to be considered true. For example, based on a given analysis on Twitter, numerous media outlets repeated that it was the first attack on a satellite provider since Viasat, which is false.

In the era of OSINT (Open-Source Intelligence), the amount of available information is considerable, but there is a lack of necessary reflection for understanding the information. Consequently, certain major cyberattacks that occurred over a year ago, such as the Viasat attack, remain particularly vague in both their execution and impact.


“Your system has been officially WAN***”

Space security issues can be traced back to the 1980s. In 1989, several systems were hit by a computer virus called “WANK”.

Although suspicion initially focused on one or more French attackers, investigations soon established that the attack had originated from Australia. Some would go so far as to say that this attack was one of Julian Assange’s first moves. Assange had decided to attack NASA because the agency was planning to launch a nuclear-powered satellite, and many activists associated this with the danger of nuclear power (the 1986 Chernobyl disaster was still fresh in everyone’s minds). Assange then decided to attack NASA’s systems in order to delay the launch. There is still a great deal of doubt as to the origin of the attack.

The 1980s-1990s were a golden age for hacktivism, with the emergence of hacker culture. This period and the decades that followed quickly established NASA as a prime target. A space agency reflects the politics of its country, and indeed, space agencies in many countries are particularly targeted.

At CyberInflight, we continuously monitor the evolution of the threat and establish trends that feed into our business intelligence studies in the field of space cybersecurity.

For further information, please contact us at: research@cyberinflight.com


Governance of cybersecurity for space programs

This Thursday, June 29, Cyberinflight attended COMET CYBER, an event dedicated to the governance of cybersecurity for space programs.

Florent Rizzo, founder and CEO of Cyberinflight, gave a presentation with Paul Varela on the topic “RETEX Space ISAC US / EU with EUSPA”.

Cyberinflight would like to thank CNES for organizing this great event.

Russian space sector and DDoS attacks in 2022

The information below comes from several Russian media outlets and should therefore be treated with great caution.

During the months following the start of the Russian invasion of Ukraine, Roscosmos experienced several waves of DDoS attacks.

Roscosmos specified that on March 3rd and 4th, 2022, the websites of state-owned companies and industrial enterprises were subjected to a massive cyberattack from abroad, originating from different IP addresses registered in various Western countries, mainly the United States, Canada, Sweden, the Netherlands, and Australia. Specifically, we are referring to the sources of Energuya, the M.V. Khrunichev Center, TsENKI, the Russian Space Systems (RKS) company, TsNIIMash, ISS-Reshenyov, and Uralvagonzavod.

In June 2022, the website of the Russian space agency was once again targeted by a DDoS attack, which occurred after the publication of satellite images of NATO member countries’ “decision centers”, said Dmitry Strougovets, the head of the state-owned company’s press service.

Ivan Grigorov, the acting director of the “Zarya” Scientific and Technical Center (the parent organization of Roscosmos for information security), stated that “DDoS attacks are the third most common among cyberattacks (attempts at malware injection and network analysis being the first and second). The trend is remarkable: in the past six months, more of these attacks have been recorded than in 2021”.

Cyberattacks on the space industry around the world rose sharply following the outbreak of war in Ukraine. CyberInflight has carried out extensive data collection and analysis through several databases.

If you and your organization are interested in purchasing one or more databases, contact us at this address: research@cyberinflight.com

Strengthening Satellite Cybersecurity with the Space Force Space Development Agency

The Space Development Agency (SDA) of the Space Force is making significant progress in enhancing cybersecurity applied to the space domain. The SDA has entrusted SAIC with the task of developing and maintaining a cloud-based “application factory.” This platform will be responsible for designing, developing, testing, and deploying “cyber-resilient” battle management, command, and control communications (BMC3) software for upcoming low Earth orbit satellites.

SAIC’s application factory will serve as a central hub for testing and deploying mission-specific software, ensuring interoperability within a modular framework. This innovative approach will even enable satellite upgrades in orbit, highlighting the importance of cybersecurity in space operations.

SAIC’s work does not stop there. They will develop “compute modules” for the BMC3 software, ensuring that satellites can exchange information amongst themselves and, most importantly, with ground operators. The software environment of the application factory will be used to develop these modules and verify their functionality.

The SDA contract, valued at up to $64 million over four years, mandates that SAIC will develop, implement, and maintain the architecture and infrastructure necessary to create a “clearing house” for other contractors who are developing mission-specific applications.

The emphasis on cybersecurity by the SDA and SAIC not only strengthens the safety of space systems but also reinforces the resilience of space infrastructures against cyber threats.

“The most corrupted network [the Directorate] had ever seen”

Ten years ago, a major cyberattack was discovered on the Australian company NewSat.

The network had to be rebuilt from scratch in secret. That work took almost a year and cost nearly $1 million.

One former tech employee at the company told the press it was understood by the staff that NewSat had sensitive communications interception equipment in its data centre (including highly confidential plans for a privately financed geostationary communications satellite). Because of the company’s state of information security, the Australian Government had refused to hand NewSat a restricted NSA encryption tool for its satellites.

Intelligence services have stated that in these cases, they suspect the attackers were sponsored by China.

“Given we were up against China, state-sponsored, a lot of money behind them and a lot of resources and we were only a very small IT team, it certainly wasn’t a fair fight for us”, said NewSat’s former IT manager Daryl Peter.

While the company has carried communications for resources and fossil fuel companies, as well as the US military’s campaign in Afghanistan, Mr Peter said the real target for the cyber infiltration was its plans for a Lockheed Martin-designed satellite dubbed Jabiru-1.

“The way it was described to us was they are so deep inside our network it’s like we had someone sitting over our shoulder for anything we did”, said Daryl Peter.

Cybersecurity issues in the space sector have taken a new turn recently, but they are not new. This attack demonstrates that cyber espionage activities against space infrastructures have been used intensively since the early 2010s.

The number of cyberattacks targeting the space sector every year continues to rise. CyberInflight collects and analyzes these attacks as well as threat actors and cybersecurity organizations involved in the space sector. This research and information analysis can be found in our market intelligence report on space cybersecurity.

For further information about our report or our set of databases, please contact us at the following address: research@cyberinflight.com

Quarterly Digest for Q2 2021 is out!

CyberInflight’s digest for Q2 2021 is out! In this digest, we want to give an introduction to the CMMC framework (Cybersecurity Maturity Model Certification), which measures cybersecurity maturity and aligns a set of processes and practices with the type and sensitivity of information to be protected.

Here is the agenda for the digest:

I. Introduction to CMMC

  • What is CMMC?
  • CMMC levels and domains
  • CMMC processes and practices
  • CMMC rollout phases

II. Threat Intelligence

  • Noticeable facts of Q2 2021 (1/2)
  • Noticeable facts of Q2 2021 (2/2)

III. Aerospace Tech Review webinar presentation

  • 2021 threat timeline
  • Observed market forces

You can register for our Quarterly Digest service here or write to us at digest@cyberinflight.com to submit a topic of your choice.

The Space Platform Overlay

Here is a mindmap of the Space Overlay.

The NIST Special Publication SP 800-53 Rev. 5, entitled “Security and Privacy Controls for Information Systems and Organizations”, provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets.

Government programs and organizations have attempted to take portions of NIST governance documents and apply them to space systems. The Space Overlay takes the existing control sets (such as the CNSSI No. 1253 and the NIST 800-53 Rev. 5) and articulates what could be applicable to the spacecraft.

Find out more in our strategic market intelligence report dedicated to Space Cybersecurity. Participate in the interview process here: contact@cyberinflight.com

CyberInflight is now a proud member of the Space ISAC

In April 2021, CyberInflight became a member of Space ISAC. CyberInflight is proud to be the first French company to be part of this prestigious association.

Space ISAC serves to facilitate collaboration across the global space industry to enhance the ability to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for the space sector with respect to this information.

Space ISAC is the only all-threats security information source for the public and private space sector. It will be the most comprehensive, single point source for data, facts and analysis on space security and threats to space assets. Space ISAC also provides analysis and resources to support response, mitigation and resilience initiatives.

CyberInflight will bring its expertise in market intelligence in the domain of aerospace cybersecurity to help Space ISAC members. Our participation in this association will allow us to gather, consolidate and analyze information in order to provide comprehensive resources for the space industry.

Quarterly Digest for Q1 2021 is out!

Our new digest is out! In this document, we provide a thorough review of all the patents related to the topic of aircraft cybersecurity. Did you know that there are approximately 180 patents on this topic and that 60% of them were issued in the last 2 years? This certainly shows a growing interest in, or a growing concern about, potential cyberattacks onboard an aircraft.

The scope covered by these patents is very broad and covers a wide set of topics. Look at the mindmap below to get a better idea.

As usual, this digest also includes the list of noticeable facts, in particular cyberattacks, on aerospace stakeholders for Q1 2021.

Here is the agenda for the digest:

I. Patents on aircraft cybersecurity

  • Embedded cybersecurity timeline
  • Introduction on aircraft cybersecurity patents
  • Flashcard on Boeing’s patent
  • Aircraft cybersecurity patents per company
  • Aircraft cybersecurity patents per year
  • Mindmap of key patented topics
  • Key patented topics

II. Threat Intelligence

  • Noticeable facts of Q1 2021 (1/3)
  • Noticeable facts of Q1 2021 (2/3)
  • Noticeable facts of Q1 2021 (3/3)

You can register for our Quarterly Digest service here or write to us at digest@cyberinflight.com to submit a topic of your choice.