CISA Finds Russian Hackers Infiltrated US Satellite Network
According to MJ Emanuel, an incident response analyst at CISA, the Fancy Bear Russian military group was in the victim’s networks for months. CISA’s experts found that the group exploited a 2018 vulnerability in an unpatched virtual network, allowing perpetrators to gather credentials during active sessions.
The victim company was also found to use the same credential for both emergency and normal accounts. The company was also transmitting unencrypted supervisory control and data acquisition traffic, Emanuel said.
The announcement raises concerns about Russia’s intentions to infiltrate and disrupt space activities, CyberScoop reported.
Experts noted that space security is becoming a growing global concern as industries and militaries worldwide increasingly rely on satellites for communications, navigation and internet connectivity. Gregory Falco, a professor at Johns Hopkins University who focuses on space cybersecurity, said even though satellite services are vital, the current approach to security have been inconsistent.
According to Falco, satellite systems can no longer operate through security by obscurity as attack patterns are becoming more public. He added that a lack of standards for the space industry has contributed to an inconsistent security approach and leaves systems vulnerable to attacks.
Another issue that cyber experts found within the space industry is the rapid increase of entrants into the market that may not be placing enough focus on cybersecurity. According to a 2019 report by Aerospace Corp., companies that aim for high-paced, low-cost manufacturing are particularly prone to cyber intrusions.
CISA argued in the past the space should be designated critical infrastructure. This would give the industry greater access to intelligence-sharing mechanisms and disaster-planning resources.
Tags: CyberScoop cybersecurity Cybersecurity and Infrastructure Security Agency Fancy Bear Gregory Falco MJ Emanuel Russia satellite security space cybersecurity