Satellite
20 Jun 2018

Hackers spread viruses to satellites - exposing serious technological vulnerabilities

Hackers managed to get into the systems of satellite operators, telecom companies and defense companies, the US-based security company Symantec announced today.
 

According to Symantec, the hackers are based in China.

The affected parties are in the United States and Southeastern Asia, and according to Symantec, the intent seems to have been government spying, snapping up both military and civil data traffic.

What was very unusual about this attack was that the hackers left behind a virus in systems that control satellites, which could give them the ability to move the satellites or stop the data traffic that passes through them.

The malicious software has been removed, Symantec states.

The company also says it has shared its discoveries with authorities in the United States and relevant Southeast Asian countries.

“Disruption to satellites could leave civilian as well as military installations subject to huge (real world) disruptions,” said Vikram Thakur, technical director at Symantec. “We are extremely dependent on their functionality.”

Satellites are critical to phone links and some internet traffic as well as mapping and positioning data.

Symantec, based in Mountain View, California, described its findings to Reuters exclusively ahead of a planned public release. It said the hackers had been removed from infected systems.

Symantec said it has already shared technical information about the hack with the US Federal Bureau of Investigation and Department of Homeland Security, along with public defence agencies in Asia and other security companies. The FBI did not respond to a request for comment.

Thakur said Symantec detected the misuse of common software tools at client sites in January, leading to the campaign’s discovery at unnamed targets. He attributed the effort to a group that Symantec calls Thrip.