Chinese Hack Breached US Satellites

A sophisticated hacking campaign launched from computers in China burrowed deeply into satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, security researchers at Symantec Corp have discovered 

The effort appeared to be driven by national espionage goals, such as the interception of military and civilian communications. Such interception capabilities are rare but not unheard of, and the researchers could not say what communications, if any, were taken. 

More disturbingly in this case, the hackers infected computers that controlled the satellites, so that they could have changed the positions of the orbiting devices and disrupted data traffic, Symantec said. 

“Disruption to satellites could leave civilian as well as military installations subject to a huge (real world) disruptions,” said Vikram Thakur, technical director at Symantec. “We are extremely dependent on their functionality.” 

Satellites are critical to phone and some internet links as well as mapping and positioning data. Symantec, based in Mountain View, California, described its findings to Reuters exclusively ahead of a planned public release. It said the hackers had been removed from infected systems. 

Symantec said it has already shared technical information about the hack with the US Federal Bureau of Investigation and Department of Homeland Security, along with public defense agencies in Asia and other security companies. The FBI did not respond to a request for comment. Thakur said Symantec detected the misuse of common software tools at client sites in January, leading to the campaign’s discovery at unnamed targets. #

He attributed the effort to a group that Symantec calls Thrip, which may be called different names by other companies. 

Thrip was active from 2013 on and then vanished from the radar for about a year until the last campaign started a year ago. In that period, it developed new tools and began using more widely available administrative and criminal programs, Thakur said. 
Other security analysts have also recently tied sophisticated attacks to Chinese groups that had been out of sight for a-while, and there could be overlap. 

FireEye Inc in March said that a group it called Temp.Periscope reappeared last summer and went after defense companies and shippers. FireEye had no immediate comment on the new episode. 

It was unclear how Thrip gained entry to the latest systems. In the past, it depended on trick emails that had infected attachments or led recipients to malicious links. This time, it did not infect most user computers, instead moving among servers, making detection harder. 

Following its customary stance, Symantec did not directly blame the Chinese government for the hack. It said the hackers launched their campaign from three computers on the mainland. In theory, those machines could have been compromised by someone elsewhere. 

Reuters

You Might Also Read:

Chinese Satellite Sends Hack-Proof Messages:

Chinese Military Aim To Lead On Cyber-Space Defense:

 

« German Nuclear Plant Infected With Viruses
Ukraine Says Russian Hackers Are Preparing A Massive Strike »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Protegrity

Protegrity

Protegrity is an enterprise and cloud data security software for data-centric encryption and tokenization to protect sensitive data while maintaining usability.

AVR International

AVR International

AVR educate, advise, analyse and provide professional, technical consultancy and support to ensure your business is safe, compliant and protected.

ZeroFox

ZeroFox

ZeroFox safeguards modern organizations from dynamic security risks across social, mobile, surface, deep and dark web, email and collaboration platforms.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

Nova Leah

Nova Leah

Nova Leah helps connected medical device manufacturers meet cybersecurity compliance requirements throughout the entire product lifecycle.

Blu Venture Investors (BVI)

Blu Venture Investors (BVI)

Blu Venture Investors is a venture capital firm that supports early stage companies with a focus on technology in diverse domains including cybersecurity, IoT, defense and homeland security.

Axxum Technologies

Axxum Technologies

Axxum Technologies is a premier provider of Network Communications and Information Technology Security Solutions.

BigPanda

BigPanda

BigPanda is the first provider of Autonomous Operations solutions that empower IT Operations at large, complex enterprises.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

Profian

Profian

Profian’s hardware-based solutions maintain your data's confidentiality and integrity in use, providing true confidential computing to meet regulatory and audit requirements.

Nanitor

Nanitor

Nanitor is a powerful cybersecurity management platform focusing on hardening security fundamentals across your global IT infrastructure.

HCS

HCS

HCS is an IT Company and Telecoms provider with an experienced team who are dedicated to ensuring our clients business systems are protected.

Flow Security

Flow Security

Enterprises run on data, Flow secures it at runtime. With a runtime-first approach, Flow is a game-changer in the data security space, securing data itself, beyond the infrastructure it resides in.

Simpson Associates

Simpson Associates

Simpson Associates is a Data Transformation and managed services provider that helps organisations gain valuable insights from their data and make better-informed decisions.

METCLOUD

METCLOUD

METCLOUD is driving a cloud evolution. A cloud that promises relentless cybersecurity, performance, resilience and sustainability.

Auraya

Auraya

Auraya develops its next generation voice biometric AI to deliver easy-to-use and highly secure speaker recognition and fraud detection capabilities.