
Throwback Attack: Threat actors attack satellites, threatening critical infrastructure

Courtesy: CFE Media and Technology

Often, threat actors interested in attacking critical infrastructure target power plants, water/wastewater facilities and even government properties. However, one target that people often don’t think about is satellites.

In 2007 and 2008, two U.S. satellites fell victim to a cyberattack, allegedly carried out by the Chinese government. While there was no discernable damage from the attack, the adversaries had an opportunity to cripple the satellites and make them burn up on re-entry into Earth’s atmosphere.

China executes cyberattack on satellites

According to the news outlet The Guardian, “a new annual report (at the time) by the U.S.-China Economic and Security Commission includes the claim that in October 2007 and July 2008 hackers used the connection from a ground station to affect the operation of the Landsat 7 and Terra (EOS AM-1) satellites, which are used for Earth observation.”

The threat actors initially gained access to these satellites through the Svalbard Satellite Station in Spitsbergen, Norway. According to Wired Magazine, this satellite station routinely relies on the Internet for data access and file transfers. The threat actors were able to take advantage of an unknown vulnerability in the satellite control system.

While the motive of the attack is unknown, it is believed that it was carried out to see how vulnerable U.S. satellites are, presumably to prepare for a potential larger-scale attack in the future. According to the Landsat 7 handbook — a handbook used by government entities like NASA as a reference for the Landsat observatory — hackers could “send faulty data which could make a satellite enter the atmosphere in an uncontrolled manner. That could lead to it burning up, possibly resulting in large pieces landing on Earth at unpredictable locations.”

According to Wired, these satellites are also used for spying and communication between different government entities. If China was able to get access, they could tap into different conversations.

The two satellites saw a combined 14 minutes of interference in 2007 and 21 minutes in 2008.

The history of China executing cyberattacks on U.S. infrastructure

This isn’t the first time China has (allegedly) attacked U.S. infrastructure. In 2015, China stole data and documents related to the F-35 Lightning II fighter jet in a supply chain attack and used that information to make the Chinese J-31 stealth jet. This breach occurred because of a subcontractor and helped push the conversation about the Cybersecurity Maturity Model Certification (CMMC) forward.

In 2012, the U.S. government created a “honeypot trap” — a “network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems.” The goal was to catch threat actors in a hack and study their process in order to prevent future attacks. China accounted for almost half of all critical attacks on the honeypot.

The elusive nature of cyberattacks

According to The Guardian, the report does not “directly blame the Chinese government for carrying them out or sponsoring them. But the claims are part of a long-standing pattern in reports from the commission, whose purpose is to monitor and investigate the national security implications of the U.S.’s trade with China.”

This is the thing with cyberattacks: It can be very difficult to narrow down who or what entity commits the attack, especially if it’s coming from a foreign source. According to, a spokesperson from the Chinese embassy denied any involvement in the cyberattack, stating that the U.S. has “been collecting unproved stories to serve its purpose of vilifying China’s international image over the years [and China] never does anything that endangers other countries’ security interests.”

Despite this statement, there is still tension between the U.S. and China, and rightly so because of other cyber campaigns emanating from the country. This satellite attack is another example of how threat actors can impact physical systems through a cyberattack, with the potential to cause harm to human life and safety.



