Tag Archive for: satellite

US, partners target North Korea with sanctions following satellite launch

/in


WASHINGTON/SEOUL (Reuters) -The United States on Thursday targeted North Korea with fresh sanctions after its launch of a spy satellite last week, designating foreign-based agents it accused of facilitating sanctions evasion to gather revenue and technology for its weapons of mass destruction program.

The U.S. Treasury Department in a statement said it also applied sanctions to cyber espionage group Kimsuky, accusing it of gathering intelligence to support North Korea’s strategic and nuclear ambitions.

Thursday’s action, taken in coordination with Australia, Japan and Korea, comes after North Korea last week successfully launched its first reconnaissance satellite, which it has said was designed to monitor U.S. and South Korean military movements.

“Today’s actions by the United States, Australia, Japan, and the Republic of Korea reflect our collective commitment to contesting Pyongyang’s illicit and destabilizing activities,” Treasury’s Under Secretary for Terrorism and Financial Intelligence, Brian Nelson, said in the statement.

“We will remain focused on targeting these key nodes in the DPRK’s illicit revenue generation and weapons proliferation,” Nelson added, calling North Korea by the initials of its official name, the Democratic People’s Republic of Korea.

South Korea’s foreign ministry said on Friday that it had blacklisted 11 North Koreans for involvement in the country’s satellite and ballistic missile development, banning them from any financial transactions.

The list includes senior officials from the National Aerospace Technology Administration, which oversaw the satellite launch, and the munitions industry department.

North Korea’s mission to the United Nations in New York did not immediately respond to a request for comment on Thursday’s sanctions.

Since the launch of the satellite, North Korea said that its leader, Kim Jong Un, has reviewed spy satellite photos of the White House, Pentagon and U.S. aircraft carriers at the naval base of Norfolk. Its state media has also reported that the satellite photographed cities and military bases in South Korea, Guam, and Italy, in addition to Washington.

On Monday, the United Nations ambassadors of the United States and North Korea…

Source…

How Hackers Can Hijack a Satellite

/in


A computer flying hundreds or even thousands of kilometers in the sky, at a speed of tens of thousands of kilometers an hour, is nonetheless still a computer. And every connected computer has an attack surface.

Researchers, nation-states, and even ordinary cybercriminals have long since demonstrated how to hijack the control and communications aspects of satellite technology. Just last year, on the day of its ground invasion, Russian hackers caused an outage for the Ukrainian satellite Internet service provider Viasat, and on Nov. 18, the pro-Russian hacktivist group Killnet performed a distributed denial-of-service (DDoS) attack against SpaceX’s Starlink system, which was providing connectivity to cut-off regions of Ukraine. More recently, the Wagner Group claimed responsibility for a temporary downage at Russian Internet provider Dozor-Teleport. The group did it, supposedly, by uploading malware to multiple satellite terminals.

It’s clear that we can disrupt satellite links, but what about the satellites themselves? The firmware and software hovering up there in the sky? Arguably, they’re just as exposed.

In a presentation next month at Black Hat USA in Las Vegas, Johannes Willbold, a doctoral student at the Ruhr University in Bochum, Germany, will demonstrate how satellites can be manhandled by hackers. (Hint: It’s not that hard.)

“There’s certainly a security by obscurity there,” he acknowledges, “but apart from that, a lot of satellites are not doing anything else to prevent misuse.”

Satellites Cling to Security by Obscurity

In a paper published earlier this year, Willbold and five colleagues surveyed 19 engineers and developers representing 17 different models of satellite. Of those 17, three of the respondents admitted they had not implemented any measures to prevent third-party intrusion. In five cases the respondents were unsure or declined to comment, while the remaining nine had, indeed, implemented some defenses. Yet even some of those better cases were iffy — only five of those nine, for example, had implemented any kind of access controls.

“So many of the satellites that we looked at just straight-up had no protection against somebody manipulating the satellite, except…

Source…

In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks

/in


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:

Researchers analyze satellite security

Researchers in Germany have analyzed several satellites and discovered various types of vulnerabilities, as well as the lack of protection mechanisms such as encryption and authentication. They showed how an attacker could disrupt communications with ground control, and take control of a satellite’s systems. 

However, satellite hacking is not easy and manufacturers are counting on security through obscurity in hopes of preventing hacker attacks. The researchers worked with the European Space Agency, universities involved in the development of satellites, and a commercial company to conduct their work. 

Advertisement. Scroll to continue reading.

Microsoft expands Security Service Edge (SSE), renames Azure AD

Microsoft has added two new identity-centric capabilities to its Security Service Edge (SSE) solution. The new Entra Internet Access and Entra Private Access will secure access to internet, SaaS and Microsoft 365 applications, and private apps and resources. In addition, to simplify naming, the tech giant is renaming Azure AD to Entra ID, without changing APIs, capabilities, licensing, or sign-in URLs. 

Introducing passwordless authentication on GitHub.com

GitHub this week announced the public beta availability of passkey authentication on GitHub.com, allowing users to sign in with biometric credentials, without having to enter their password. Users can enable passkeys authentication from the Settings menu, by navigating to the ‘feature preview’ tab.

Two-factor authentication vulnerability patched in Drupal 

A vulnerability affecting a two-factor authentication…

Source…

Cybersecurity Researchers Sent a “Sandbox” Satellite into Space to Hack into It

/in


Cybersecurity Researchers Sent a “Sandbox” Satellite into Space to Hack into It

Rendering of the Moonlighter satellite.

image credit: The Aerospace Corporation.

For the first time, researchers launched a satellite into space with the expressed hope that hackers will find and exploit weaknesses in its security defenses. Dubbed Moonlighter, the satellite will be the core of Hack-a-Sat, an annual space security competition hosted at DEF CON, the world’s largest hacking conference. 

The project is a collaboration between the Aerospace Corporation, the Air Force Research Laboratory, and US Space Systems Command. In a so-called bug bounty program to be held at this year’s DEF CON, which will begin on August 10, five teams of hackers will face off to identify vulnerabilities and breach the satellite’s cybersecurity system so that the government can learn more about how hackers go about satellite cyberattacks. The first team to hack the satellite will receive a $50,000 grand prize.

The satellite hitched a ride into low earth orbit on a SpaceX rocket on June 5, along with several other CubeSats for a resupply mission to the International Space Station, where it’s currently awaiting deployment. The satellite will finally go into orbit in July in preparation for DEF CON.

The Hack-a-Sat competition started in 2020, after the secretary of acquisitions for the Air Force attended DEF CON. Since then, the Air Force has used the annual competition an information-gathering project. But so far, all the competitions have been simulations — Moonlighter will be the first actual satellite involved.

James…

Source…