While political and military leaders debate whether the United States needs a separate “Space Force,” Chinese hackers have offered a reminder of two truths: operations in space are extremely important, and the assets used in space are vulnerable to cyberattack.
Security company Symantec reported this month that a group it dubs Thrip had targeted satellite communications, telecommunications, an organization involved in geospatial mapping and imaging, and a defense contractor in attacks in late 2017 that originated in China.
Symantec described it as a highly targeted espionage campaign, using powerful custom malware along with more conventional hacker tools, but said that its focus on the operations side of a targeted satellite company, rather than its customers, could indicate that its intentions go beyond espionage. “The attack group seemed to be particularly interested in the operational side of the company, looking for and infecting computers running software that monitors and controls satellites,” Symantec said. “This suggests to us that Thrip’s motives go beyond spying and may also include disruption.”
Thrip’s attacks were stealthy, using a tactic Symantec calls “living off the land.” Attackers work through operating system features or network administration tools, taking advantage of software that is already installed or running simple scripts directly in memory. This approach, which the company says is being used in almost every targeted attack, allows the malicious activity to hide in plain sight, reducing the chances of it being detected. And if it is discovered, the approach makes attributing the attack more difficult.
The report doesn’t name the targeted companies, although it says the targeted telecom companies are based in Southeast Asia. The attack on the geospatial operation involved MapXtreme GIS software, used in developing custom geospatial applications and integrating location data into other applications, as well as Google Earth Server and Garmin imaging software.
Symantec said it has been monitoring Thrip since 2013, but noticed the current campaign in January, using the company’s Targeted Attacks Analytics tool. The campaign appears to have started about the same time as the first rumblings of a trade war with China, which is now escalating.
The vulnerability of satellites to cyberattacks has been a steady topic of conversation in the security world, even if it has flown somewhat under the radar, so to speak, compared with more terrestrial incidents. But military and commercial interests rely heavily on satellites and other spacecraft, for everything from communications and surveillance to GPS signals and space weapons, and the threats to those satellites are many, according to experts. The military and commercial satellite operators take a number of steps to secure their systems, but cyber threats are always evolving, forcing them to keep up from long range.
While the fate of a Space Force–or a Space Corps, as the idea was being called earlier this year–is uncertain, the importance of space operations is getting renewed attention. The Department of Defense and Congress are considering establishing a “subordinate unified command for space” under the U.S. Strategic Command for space warfare, which would give space operations greater autonomy and, presumably, support from lawmakers.
DoD made the suggestion in a report to Congress in March, as a response to accelerated space activities by Russia and China. In April, the House Armed Services Committee’s Strategic Forces subcommittee included the idea in its markup of the Fiscal 2019 National Defense Authorization Act.