Symantec, a software developer, claims to have discovered a cyber espionage campaign focused on infiltrating three telecom operators in Southeast Asia, as well as a defense contractor and a satellite communications operator. Some the targets of these attacks are based in the United States.
Information security training specialists warn that the group of hackers responsible for the attacks seems to be choosing victims carefully. Experts on the subject suggest that espionage is probably the main motivation of this group; however, given their interest in compromising different operating systems, the group could be taking a more aggressive pose. Intruders may have spied satellite communications or even reposition the compromised satellites and disrupt their operations.
According to experts in information security training, the disruption of the satellites operation could influence over the functioning of military and civilian structures, since they have become almost entirely dependent on satellite systems and telecommunications.
Recent alerts about this group of hackers come after U.S. and U.K. governments in April issue an unprecedented warning about Russian-linked hackers have embarked on an extensive campaign to infiltrate routers, switches, firewalls and network intrusion detection systems. Infections seem to give attackers support points in vulnerable but critical systems that could be used to spy and steal intellectual property.
China, possible attack source
Intelligence and national security agencies have established contact with information security specialists to find the source of attacks on satellite controllers.
The latest reports of this kind of attack go back to three computers in China. In other words, the Chinese government may, supposedly, have ordered the attacks. Experts continue to warn that the origin of the attacks is not a reliable indicator for the attack attribution, as hackers can hide their true location or even blame others.
Looking for satellite control
Specialists in information security training report that the group behind these attacks has shown particular interest in a satellite operator computer used for control and monitoring, a fact that suggests that they could possibly go beyond espionage tasks.
The group has also shown interest in a geospatial mapping system whose name has not yet been revealed, says the International Institute of Cyber Security.