ISRO was targeted by North Korean hackers during Chandrayaan 2 mission: Report

When the Indian Space Research Organisation (ISRO) was trying to land Chandrayaan 2 spacecraft Vikram lander on the Moon, the organisation was reportedly attacked by North Korean hackers.

According to a recent report by Daily Mail, ISRO was one of five government agencies to come under their attack. However, the officials from the Indian space agency denied that the attack impacted the Moon mission.

Reportedly, ISRO employees accidentally installed malware on to their systems after opening phishing emails from North Korean spammers.

GSLV MkIII at Sriharikpta launchpad. Image: ISRO

Another report from the Financial Times suggests that ISRO was informed about the attack in September.

The said attack was apparently conducted using DTrack,  a type of malware, the US authorities believe, is linked to the Lazarus group controlled by the North Korean government.

A report by cybersecurity firm Kaspersky, the malware has been detected in financial institutions and research centres in 18 Indian states.

The same malware is also believed to have affected the Kudankulam nuclear plant.

On 3 September the National Cyber Coordination Center, that was set up to help the country deal with malicious cyber activities and cyber warfare, received information from a US-based cybersecurity company that a “threat actor” had breached master “domain controllers” at the Nuclear Power Corporation of India Limited’s (NPCIL) Kudankulam nuclear plant as well as ISRO, with malware.

The malware was later identified as Dtrack and the officials at both these government agencies were informed about these security breaches on 4 September, two days before the scheduled Chandrayaan 2 moon landing attempt.

Dtrack is a virus that has been developed by a North Korean hacker group called Lazarus. It allows hackers to get complete control over a device and they can extract data, remotely.  Dtrack RAT (remote administration tool) can infiltrate systems with weak network security policies and password standards. Once implemented, it can access all available files and running processes, keylogging, browser history and host IP addresses, including information about available networks and active connections.

from Firstpost Tech Latest News https://ift.tt/2p0l5ko