Russian Hackers Hijack Satellite To Steal Data from Thousands of Hacked Computers

A group of Russian hackers, most notably the Turla APT (Advanced Persistent Threat), is hijacking commercial satellites to hide command-and-control operations, a security firm said today.

The Turla APT group, which was named after its infamous software Epic Turla, is abusing satellite-based Internet connections in order to:

Siphon sensitive data from government, military, diplomatic, research and academic organizations in the United States and Europe.

Hide their command-and-control servers from law enforcement agencies.

Although a number of its operations were uncovered last year, the Turla APT group has been active for close to a decade, while remaining invisible by cleverly hiding from law enforcement agencies and security companies.

Now, security researchers from Moscow-based cyber security firm Kaspersky Lab claim to have identified the way the Turla APT group succeeded in hiding itself.

The researchers said the group disguised itself by using commercial satellite Internet connections to hide its command-and-control servers.

Turla is a sophisticated Russian cyber-espionage group, believed to be sponsored by the Russian government, that has targeted a number of government, military, embassy, research, and pharmaceutical organizations in more than 45 countries, including China, Vietnam, and the United States.

Hijacking Satellite to Hide Command-and-Control Servers

The group is known for exploiting highly critical vulnerabilities in both Windows and UNIX operating systems, but…

…the satellite-based communication technique used by the group to help hide the location of their servers appears to be more sophisticated than previous ones, according to Kaspersky researchers.

The Turla hackers exploit the fact that older satellites that orbit around the Earth:

Don't come with support for encrypted connections

Rely on unsuspecting users of the satellite Internet service providers across the globe

The group takes advantage of this particular loophole in the design of these satellites, which can be easily exploited to freely intercept traffic between the satellite and a particular user.

Here's How the Scheme Works

The technique is quite simple because you have a lot of vulnerable satellites orbiting around the Earth and sending unencrypted traffic to a desired geographical location.

The Turla APT group only needs:

A rented house in an area where the vulnerable satellites provide coverage

A satellite dish to intercept the traffic

A landline Internet connection

Turla hackers sniff through the traffic that comes down from the satellite and choose an IP address of a random user online at that moment.

Once selected, the hackers then try to infect the target computer with malware in order to configure the domain names for the hackers' command-and-control (C&C) servers to point to that IP address.

Once Turla hackers gain control of the satellite user's system, the hackers instruct the infected botnet computers to send the stolen data to the command-and-control (C&C) server (compromised satellite user).
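From the defender's side, the scheme above leaves one observable trace: internal hosts resolving domains whose addresses sit inside satellite-ISP ranges. The following is an added example, not from the original article or from Kaspersky, that reviews a resolver log for such domains; the netblocks (RFC 5737 documentation ranges), the log format and the sample lines are all constructed assumptions, and a hit is a candidate for review, since legitimate satellite users exist too.

```python
import ipaddress
from collections import defaultdict

# Assumption: netblocks a defender has identified as satellite ISP downlink
# ranges. These are RFC 5737 documentation ranges, not real providers.
SATELLITE_NETS = {
    "sat-isp-a (constructed)": ipaddress.ip_network("198.51.100.0/24"),
    "sat-isp-b (constructed)": ipaddress.ip_network("203.0.113.0/24"),
}

# Constructed resolver log: "timestamp client queried_domain resolved_ip"
SAMPLE_LOG = """\
2015-09-01T08:00:02Z 10.0.0.15 updates.example.org 192.0.2.10
2015-09-01T08:03:40Z 10.0.0.22 news-feed.example.net 198.51.100.77
2015-09-02T09:12:11Z 10.0.0.22 news-feed.example.net 203.0.113.5
2015-09-02T09:30:00Z 10.0.0.31 cdn.example.com 192.0.2.44
malformed line
2015-09-03T10:00:00Z 10.0.0.40 portal.example.org 198.51.100.9
"""

def satellite_provider(ip_text):
    """Return the label of the satellite netblock containing ip_text, or None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for label, net in SATELLITE_NETS.items():
        if ip in net:
            return label
    return None

def find_satellite_resolutions(log_text):
    """Map domain -> {'clients': set, 'providers': set, 'moved': bool}."""
    hits = defaultdict(lambda: {"clients": set(), "providers": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed entries instead of failing
        _, client, domain, ip_text = fields
        label = satellite_provider(ip_text)
        if label:
            hits[domain.lower()]["clients"].add(client)
            hits[domain.lower()]["providers"].add(label)
    # A domain seen in more than one satellite range is reviewed first.
    return {d: {**h, "moved": len(h["providers"]) > 1} for d, h in hits.items()}

if __name__ == "__main__":
    for domain, info in sorted(find_satellite_resolutions(SAMPLE_LOG).items()):
        print(domain, sorted(info["clients"]), "moved" if info["moved"] else "static")
```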

Tags: Cyber security,Network Security,Computer Security
