Chinese Hack Breached US Satellites

A sophisticated hacking campaign launched from computers in China burrowed deeply into satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, security researchers at Symantec Corp have discovered 

The effort appeared to be driven by national espionage goals, such as the interception of military and civilian communications. Such interception capabilities are rare but not unheard of, and the researchers could not say what communications, if any, were taken. 

More disturbingly in this case, the hackers infected computers that controlled the satellites, so that they could have changed the positions of the orbiting devices and disrupted data traffic, Symantec said. 

“Disruption to satellites could leave civilian as well as military installations subject to a huge (real world) disruptions,” said Vikram Thakur, technical director at Symantec. “We are extremely dependent on their functionality.” 

Satellites are critical to phone and some internet links as well as mapping and positioning data. Symantec, based in Mountain View, California, described its findings to Reuters exclusively ahead of a planned public release. It said the hackers had been removed from infected systems. 

Symantec said it has already shared technical information about the hack with the US Federal Bureau of Investigation and Department of Homeland Security, along with public defense agencies in Asia and other security companies. The FBI did not respond to a request for comment. Thakur said Symantec detected the misuse of common software tools at client sites in January, leading to the campaign’s discovery at unnamed targets. #

He attributed the effort to a group that Symantec calls Thrip, which may be called different names by other companies. 

Thrip was active from 2013 on and then vanished from the radar for about a year until the last campaign started a year ago. In that period, it developed new tools and began using more widely available administrative and criminal programs, Thakur said. 
Other security analysts have also recently tied sophisticated attacks to Chinese groups that had been out of sight for a-while, and there could be overlap. 

FireEye Inc in March said that a group it called Temp.Periscope reappeared last summer and went after defense companies and shippers. FireEye had no immediate comment on the new episode. 

It was unclear how Thrip gained entry to the latest systems. In the past, it depended on trick emails that had infected attachments or led recipients to malicious links. This time, it did not infect most user computers, instead moving among servers, making detection harder. 

Following its customary stance, Symantec did not directly blame the Chinese government for the hack. It said the hackers launched their campaign from three computers on the mainland. In theory, those machines could have been compromised by someone elsewhere. 

Reuters

You Might Also Read:

Chinese Satellite Sends Hack-Proof Messages:

Chinese Military Aim To Lead On Cyber-Space Defense:

 

« German Nuclear Plant Infected With Viruses
Ukraine Says Russian Hackers Are Preparing A Massive Strike »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Corero Network Security

Corero Network Security

Corero Network Security is dedicated to improving the security of the Internet through the deployment of its innovative DDoS & Network Security Solutions.

Silicon:SAFE

Silicon:SAFE

Silicon:SAFE develops impenetrable hardware solutions that prevent bulk data theft during a cyber-attack.

AntemetA

AntemetA

AntemetA specializes in network infrastructure, security and cloud computing, helping companies transform their Information Systems.

SecuLution

SecuLution

SecuLution is an Antivirus product using Application Whitelisting which offers much more protection than Virus Scanners ever can.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

SkillCube

SkillCube

SkillCube is one of the pioneers in India focusing on Cyber Security Skill Development Solutions.

Careerjet

Careerjet

Careerjet is a leading online job search engine with a large presence worldwide, sourcing millions of job ads from thousands of websites from all over the world in areas including Cybersecurity.

Snode Technologies

Snode Technologies

Snode's Guardian cybersecurity platform uses AI and machine learning to monitor, detect and proactively respond to all threats on every device within your network.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Next47

Next47

Next47 is a global venture firm, backed by Siemens, committed to turning today's impossible ideas into tomorrow's indispensable industries.

Blackbird.AI

Blackbird.AI

Blackbird.AI provides an intelligence and early-warning system to help users detect disinformation and take action against threats.

Regulativ.ai

Regulativ.ai

Regulativ.ai is an innovative and comprehensive platform, driven by AI, to address the regulatory and compliance needs of Cyber Security Regulatory compliance and reporting.

Cyber Coaching

Cyber Coaching

Cyber Coaching is a community for enhancing technical cyber skills, through unofficial certification training, cyber mentorship, and personalised occupational transition programs.

NetScout Systems

NetScout Systems

NetScout assures digital business services against disruptions in availability, performance, and security.

Phriendly Phishing

Phriendly Phishing

Phriendly Phishing offers phishing awareness training programs designed to ward off potential security threats and minimise the impact of cyber attacks.