October 12, 2021

Report: Cyber Group Targeted Aerospace and Telco Sectors

The Vehicle Assembly Building at Kennedy Space Center. Photo: NASA
The Vehicle Assembly Building at Kennedy Space Center. Photo: NASA

An Iranian hacking group has targeted a global array of aerospace and telecom companies since at least 2018, according to research published by Cybereason last week. 

  • The Boston cybersecurity firm refers to the previously unidentified cyber group as “MalKamak.” MalKamak’s espionage campaign was dubbed “Operation Ghostshell.”
  • Cybereason, which discovered the group earlier this year, didn’t name the companies affected. But Ghostshell compromised at least 10 firms and affected “dozens of others,” Bloomberg reported.

Op. Ghostshell objectives: Using a new type of spyware, Malkamak sought to access and siphon away IP, sensitive data, and technology from its targets. While the campaign was concentrated on Middle Eastern victims, Malkamak also went after companies in the US, EU, and Russia. 

Cyberspace + counter-space: Satellites, ground infrastructure, comms equipment, corporate servers, you name it…if it’s a space-related asset, it could eventually have a target on its back. From sophisticated hackers’ POV, the space industry represents an attractive target for more reasons than we can count. To name five: 

  1. For many satellites, and especially spacecraft on decades-old missions, hardware is frozen in time and reliant on dated security protocols. 
  2. Companies may not rely on the same hardening measures as intelligence agencies or militaries. 
  3. Critical infrastructure depends on space assets. Compromised satellites could become a central, cascading point of failure for everyday navigation and communication functions. 
  4. Space companies have complex supply chains and vendor ecosystems, which expands their threat surface. 
  5. Finally, of course, there are many geopolitical and national security elements at play. While unconfirmed, it’s highly likely that Ghostshell’s victims had sensitive dealings with their countries’ government agencies and national security communities. 

Fortunately, the worst-case “lights out” scenarios alluded to above have not come to pass. Still, vulnerabilities remain. Better safe than sorry.

Payload’s takeaway: The hardening of space assets—from software to ground stations—seems destined to grow with the commercialization of the final frontier. We’re especially interested to watch collaboration efforts between industry and government, but also where security practices might still be siloed and antiquated.