Japan’s Space Agency (JAXA) Hit by Cyberattack

November 29, 2023

Japan’s space agency was hit by cyberattacks even as hackers failed to access sensitive information about rockets and satellite operations, a spokesperson revealed Wednesday (Nov 29). “There was a possibility of unauthorized access by exploiting the vulnerability of network equipment,” the spokesperson at Japan Aerospace Exploration Agency (JAXA) was quoted as saying by Reuters. However, the official declined to elaborate on details, such as when did the attack take place.

JAXA got to know about the attack after an external organisation conducted an internal audit, as per the spokesperson.

In August, China-backed hackers were held responsible by Japan for a months-long cyberattack campaign, in which Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) was targeted.

A spokesperson for the JAXA said a detailed investigation is going on into the hacking attempt and it was not revealed who could be orchestrating this.

read more

Snatch Claims it Breached Hemeria Group, partner of the French Space Agency CNES

April 18, 2022

The Snatch ransomware group has claimed in a post on February 17, 2023, that it has breached the systems of Hemeria Group, a partner of defense and space systems maker of the French Space Agency CNES in 2022. According to the leak site post, the operators of Snatch state they initiated talks with the Palace of Versailles to maintain caution because the company data is considered a state secret.

Cybersecurity researchers have posted about the Hemeria Group data breach with screenshots from the ransomware group’s post.
Hemeria management replied by denying having anything to do with the data that Snatch had. The firm also did not seem to be affected by the data breach news.

read more

Fake GPS Signals in Middle East lead Multiple Aircrafts Astray

November 24, 2023

GPS spoofing from an unknown source in the Iraq-Iran area is causing complete aircraft navigational system failures in some overflying airliners and business jets. GPS spoofing is “the surreptitious replacement of a true satellite signal that can cause a GPS receiver to output an erroneous position and time”

This novel type of GPS and IRS signal spoofing attack caused over 20 aircraft to suffer complete loss navigation capability over restricted airspace, and caused unintended divergences in flight paths, in the corridor between Iran and the UM686 airway in NW Iraq. As a result, one bizjet almost strayed into Iranian airspace without clearance. This jeopardized the safety of hundreds of lives. GNSS comms are unencrypted and were never expected or designed to cope with this threat.

read more

Spanish Aerospace Company targeted by North Korean Lazarus Gang

September 29, 2023

Hackers connected to a notorious group within the North Korean government launched an attack against an aerospace company in Spain, according to researchers at security company ESET. In a report on Friday, researchers said they discovered a campaign by hackers connected to Lazarus — an infamous group that has stolen billions from cryptocurrency firms over the last two years.

The North Korean ‘Lazarus’ hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown ‘LightlessCan’ backdoor. The hackers utilized their ongoing “Operation Dreamjob” campaign, which entails approaching a target over LinkedIn and engaging in a fake employee recruitment process that, at some point, required the victim to download a file.

Employees of the unnamed company were sent messages on LinkedIn from a fake Meta recruiter and tricked into opening malicious files that purported to be coding quizzes or challenges. When opened, the files infect a victim’s device with a backdoor that would allow the hackers to conduct espionage, according to ESET.

read more

BlackCat Allegedly Attacked Drone Systems Partner of NASA, Airbus

November 1, 2023

Unmanned drone systems maker, Autonomous Flight Technologies (AFT), has allegedly fallen victim to a cyberattack orchestrated by the notorious BlackCat ransomware group. The attackers claimed the Autonomous Flight Technologies data breach and purportedly sold exfiltrated data to an undisclosed foreign entity.

AFT, recognized for its cutting-edge unmanned drone technology, boasts prominent partnerships with industry giants such as Airbus, NASA, NBC, and Northrop Grumman. As the Autonomous Flight Technologies data breach remains unconfirmed, the industry awaits an official response from AFT while grappling with the broader implications of cybersecurity vulnerabilities in the rapidly advancing field of unmanned autonomous systems.

read more

Boeing Hacked – Lockbit Gang Leaks almost 45 GB of Data Reportedly Stolen.

October 27, 2023

Boeing Co. is assessing a claim made by the Lockbit cybercrime gang it had “a tremendous amount” of sensitive data it would publish online if Boeing didn’t pay a ransom by November 2.
The hacking group posted a countdown clock on its data leak website with a message saying, “Sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline! For now we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline.”

Two weeks after the claimed attack, Lockbit leaked almost 45 gigabytes of data reportedly stolen.

read more

DoDDS Attack at Russian Flight Booking System, Leonardo, Disrupts Airport Operations

September 28, 2023

A Russian flight booking system was hit by a cyberattack on Thursday, causing delays at airports. The incident lasted about an hour and affected the operation of several Leonardo customers, including Russian air carriers Rossiya Airlines, Pobeda and flagship airline Aeroflot. DDoS attacks overwhelm websites with a flood of traffic, making them temporarily unavailable to users.

Leonardo is used by more than 50 Russian carriers and serves around 45 million passengers annually, according to the Russian news agency Interfax.

read more

National Science Foundation Shuts down Telescopes in Hawai’i and Chile

August 1, 2023

A U.S. national center for astronomy was struck with a cyberattack this week that hindered the operations of an observatory in Hawai’i and Chile.

The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory – also known as NOIRLab – published a notice on Tuesday night explaining that the lab had discovered an attempted cyberattack on its systems that morning. The attack forced the “suspension of astronomical observations at Gemini North in Hawai’i.” Located in Maunakea, Gemini North is one of the Gemini Observatory’s two telescopes, with the other in Chile, and is an international science partnership between the U.S., Canada, Chile, Brazil, Argentina and South Korea.

“Quick reactions by the NOIRLab cyber security team and observing teams prevented damage to the observatory. Out of an abundance of caution we have decided to isolate the Gemini Observatory computer systems by shutting them down,” the organization said. Both the telescopes in Hawai’i and in Cerro Pachón, Chile have been shut down as the IT team investigates the incident and “develops the recovery plan in consultation with NSF’s cyber specialists.”

The lab did not say if the incident was a ransomware attack but said it had no impact on the infrastructure of other NOIRLab centers.

read more

Airbus IT System Breach Exposes Data from Thousands of Airbus Vendors

September 12, 2023

The European aerospace giant Airbus said on Tuesday that it is investigating a cybersecurity incident following reports that a hacker posted information on 3,200 of the company’s vendors to the dark web. A threat actor using the moniker “USDoD” posted Monday on BreachForums that they obtained access to an Airbus web portal after compromising the account of a Turkish airline employee. The hacker claimed to have details on thousands of Airbus vendors, including names, addresses, phone numbers and emails, according to a report from Hudson Rock.

Airbus spokesperson Philippe Gmerek confirmed to Recorded Future News that hackers breached an “IT account associated with an Airbus customer” and that the company was investigating the incident. This account was used to download business documents dedicated to this customer from an Airbus web portal, the company said.

According to the Hudson Rock, the threat actor posted the leaked information publicly without making any demands. Few details are known about the threat actor or their motivations, but they have said they are a member of the relatively new ransomware group known as “Ransomed.”

read more

DDoS Attack at Bordercheck Point in Canada

September 14, 2023

A cyberattack suspected to be carried out by a pro-Russia hacking group reportedly resulted in widespread service disruptions at several Canadian airports. The Canada Border Services Agency (CBSA) confirmed to Recorded Future News that the connectivity issues that affected check-in kiosks and electronic gates at airports last week are the result of a distributed denial of service (DDoS) attack. Such attacks work by flooding systems with junk traffic, disrupting their operations. CBSA’s spokesperson said that they had restored all systems within a few hours. The Montreal Airport Authority (ADM) told the Canadian newspaper La Presse that a computer outage at check-in kiosks caused significant delays in the processing of arrivals for over an hour at border checkpoints throughout the country, including Montreal-Trudeau International Airport.

CBSA has not disclosed how a DDoS attack managed to breach the computer system used by check-in kiosks at airports. This system is supposed to be on a closed circuit, meaning it should not be connected to the internet, La Presse reported. CBSA did not respond to request to comment.

read more