The American cybersecurity agency, CISA, has detected a group of hackers linked to the Kremlin in a private American satellite network. The hackers had been there for months.
Cyberwar does not necessarily make noise, but the battles continue in the shadows. A private American satellite network has been infiltrated by a group of Russian hackers suspected of working for Moscow. Researchers from CISA, the American cybersecurity agency, investigated this cyberattack, which was detailed during a conference and reported by the media outlet CyberScoop on December 16, 2022.
The name of the company has not been released, and few details have been made public, as attacks against satellites pose a national security problem. Some of the communications provider’s customers were from critical infrastructure sectors in the United States. Since the infiltration was silent, the natural conclusion is spyware: malicious software intended to steal data. Worse still, the hackers had been present in the network for months, say US government specialists.
Satellites are rarely used for internet connections today, since cables have long been preferred. However, they are still necessary for many professional uses, geolocation, and even television.
A branch of Russian intelligence
MJ Emanuel, a CISA analyst, said at the Cyberwarcon event that all leads point to the Russian hacker group Fancy Bear, also known as APT 28. sensitive targets in Europe and the United States. They are behind the leak of Democratic Party emails in 2016, in the middle of the presidential campaign, and the cyberattack that stopped the broadcast of the TV5 Monde channel.
The Fancy Bear logo, a collective identified by the cybersecurity company CrowdStrike. Source: CrowdStrike
The attacked provider's mistake was to use the same credentials for ordinary accounts and for “emergency” accounts, which gave the hackers a path to more sensitive data.
The first attack against a Viasat satellite took place on the evening of the invasion of Ukraine on February 24. The network linked to the device had mysteriously gone down. On May 10, 2022, the European Union, the United States, and the United Kingdom officially accused the Russian authorities of carrying out this cyberattack. Despite their importance, satellites are still poorly secured and vulnerable to cyber espionage, many cyber experts warn.