In part of the Space Cybersecurity Open Project, we publish below a Space Attacks Open Database. This first version is the result of the work of several researchers :
- Jason Fritz, author of « SATELLITE HACKING: A Guide for the Perplexed« .
- Mark Manulis, R. Harrison & Venkkatesh Sekar (Surrey Centre for Cyber Security, University of Surrey, Guildford, UK), Christopher P. Bridges (Surrey Space Centre, University of Surrey, Guildford, UK) and Andy Davis (NCC Group, Manchester, UK), authors of « Cyber Security in New Space« , within which we can find a link to an electronic supplementary material that contains a list of Space Attacks.
I have to mention Prof. Gregory Falco (Cybersecurity Research Fellow, Harvard University; Research Scholar, Stanford University; Research Affiliate, MIT) and one of his student but also Orbital Security Alliance) who are working hard on a such Database.
and Jim Volp from OSA (Our goal is to reference the latest known Space Attacks in order to maintain an up to date Database with the contribution of the Community.
If you want to contribute to this project or if you want to inform us about new space attacks, contact us with the following form.
Some terms explanation
- Computer network exploitation (CNE) is a technique through which computer networks are used to infiltrate target computers’ networks to extract and gather intelligence data. It enables the exploitation of the individual computers and computer networks of an external organization or country in order to collect any sensitive or confidential data, which is typically kept hidden and protected from the general public.
- Hijack attack, in communication, is a form of active wiretapping in which the attacker seizes control of a previously established communication association.
- Jamming is a form of electronic anti-satellite (ASAT) attack that interferes with communications traveling to and from a satellite by emitting noise of the same radio frequency (RF) within the field of view of the satellite’s antennas
- The term « eavesdropping » is used to refer to the interception of communication between two parties by a malicious third party.
Date | Type of Attack | Segment | Target | Type of Target | Origin | Impact | Intent | References | |
---|---|---|---|---|---|---|---|---|---|
1977 | Hijacking | Data Comms | ITM new broadcast (audio) | Commercial | Unknown | Audio was replaced by one which warned humankind’s current path would lead to a bad future | Warning | [1] | |
1985 | Hijacking | Data Comms | State-run television broadcasts in Torun | Government | Academics | Superimposed political messages onto TV broadcasts | Political | [2] | |
1986 | Hijacking | Ground Segment | Home Box Office (HBO) satellite TV network - Galaxy 1 satellite | Commercial | Single insider | Disrupted uplink and displayed messages for 4 to 5 minutes of HBO on US East coast | Warning | [3] | |
1987 | Hijacking | Data Comms | PlayBoy Channel | Commercial | Insider from Christian Broadcasting Network | Signal was hijacked/jammed – character generator and transmitter at CBN matched the tape recording of the jamming | Warning | [1] | |
1987 | Hijacking | Data Comms | Chicago-based TV broadcasts | Commercial | Unknown | Max Headroom impersonator hijacked TV signals for two chicago-based stations. | Unknown | [1] | |
1995 | Jamming | Data Comms | Kurdish satellite TV channel MED-TV | Commercial | Turkey | Transmissions of MED-TV from the Eutelsat satellite were jammed intentionally as it was believed to be a ``mouthpiece" for terrorist groups. | Political | [1] | |
1997 | Jamming | Data Comms | Communication satellite APSTAR-1A | Government | Indonesia | Indonesian satellite transmitted interference to jam APSTAR-1A due to its use of a disputed orbital slot cite | Political | [1,4] | |
1997 | CNE | Ground Segment | NASA | Government | Unknown | Cyber attack on NASA’s Goddard Space Flight Centre – able to control computers which designed and tested command and control codes, and then transferred information overseas | State Espionage | [1] | |
1998 | Control | Space Segment | US-German ROSAT satellite | Government | Russia (allegedly) | Satellite turned towards the sun, damaging itself and rendering itself useless. Linked (tenuously) to a intrusion at the Goddard Space Flight Centre. Could have also been a malfunction? | Unknown | [1] | |
1998 | CNE | Ground Segment | Pentagon network | Government, Military | Hacking Group Masters of Downloading | Hacking group claimed to have stolen satellite control software from Pentagon network – Pentagon denies this but revealed that a less secure network containing sensitive information had been breached. Also the group was considering “selling the information to international terrorist groups or foreign governments” | Criminal- selling information on for esp/terrorism | [1] | |
1998 | Denial of Service (Accidental) | Space Segment | PANAMSAT Galaxy 4 sat | Commercial | N/A Accidental | On-board processor anomaly disabled 80-90% of pagers across US for 2-4 days, blocked credit card transactions. | Accident | [1] | |
2000 | Jamming | Data Comms | British and US military tanks | Military | French Security Agency | GPS navigation signals used in British and US military tanks were jammed in tank trial for the Greek army. intended to make US and British tanks look inferior to others so that Grecian military chose other tanks. | State Espionage | [1,5] | |
2001 | CNE | Ground Segment | NASA facilities | Government | British Hacker Gary Mckinnon | Exploited default credentials to gain access to networks at five NASA facilities | Hack and Leak | [6] | |
2002 | Hijacking | Data Comms | Chinese satellite TV broadcasts | Commercial | Falun Gong cult | “Television signals illegally broadcast by the Falun Gong cult cut into transmissions using the Sino Satellite (SINOSAT) from June 23 to 30, blocking the World Cup finals for viewers in some rural and remote areas in China.” | Political | [7] | |
2002 | CNE | Ground Segment | Marshall Space Flight Center | Government | China (suspected) | Intruder was able to penetrate into the network and steal design of rocket engines | State Espionage | [1] | |
2002 | Jamming | Data Comms | Accidental- civilian GPS | Civilian | Poorly installed CCTV camera by man from Douglas | Accidental interference from poorly installed CCTV camera blocked GPS signals within a kilometre. | Accident | [8] | |
2002 | Eavesdropping | Data Comms | NATO surveillance | Military | Radio Amateur | Radio Amateur from England was able to eavesdrop on satellite signals from NATO surveillance flights | Research | [9] | |
2003 | Jamming | Data Comms | Telstar 12 satellite TV transmissions | Civilian | Iran and Cuba | US-sponsered news transmissions by the Telstar 12 satellite into Iran were disrupted by a Cuban electronic-intelligence facility | Political | [10] | |
2004 | Hijacking | Data Comms | Chinese satellite TV broadcasts | Commercial | Falun Gong cult | “On Saturday evening, television programmes promoting Falun Gong appeared on the feed beamed into China from a satellite owned by the Hong Kong company AsiaSat.” | Political | [11] | |
2005 | Jamming | Data Comms | Satellite radio station ``Sout Libya" uplinks to the Eutelsat HotBird and Telstar 12 satellites | Civilian | Libyan Government | Within minutes of the Sout Libya radio station broadcasting, the Libyan government jammed the radio station's signal with a high-powered one. This jamming also affected many British and European TV and radio station and is alleged to have disrupted American communications as well. Same behaviour observed when Sout Libya changed satellite provider cite. | Political | [12] | |
2005 | CNE | Ground Segment | Kennedy Space Center’s Vehicle Assembly Building, NASA satellite control complex in Maryland, Johnson Space Center in Houston | Government | Taiwan (suspected) | Malware gathered data from computers in the VAB, then spread to other networks in Maryland and Houston. 20 GB of compressed data was sent to Taiwan | State Espionage | [1] | |
2005 | Jamming | Data Comms | Telecom satellites | Commercial, Government, Military | Libyan Government | Disrupted signal for several TV and radio stations which served Britain and Europe and American diplomatic, military and FBI comms | Political | [1] | |
2006 | Hijacking | Data Comms | Al Manar TV station | Commercial | Israel (state-sponsored) | Disrupted transmission to broadcast ant-Hezbollah propaganda | Political | [1] | |
2006 | Jamming | Data Comms | Thuraya mobile sat comms | Commercial | Libyan nationals | Signals jammed for six months, in an attempt to disrupt smuggling operations which used the Thuraya sat phones | Stop criminal activity | [1] | |
2006 | Phishing/CNE | Ground Segment | NASA employees | Government | Unknown | NASA officials opened an email and clicked on a link which then infected and compromised workstations at their Washington headquarters. This allowed access to files containing cutting-edge satellite research | State Espionage | [1] | |
2007 | Hijacking | Data Comms | Satellite TV broadcast(Intelsat satellite vacant Ku-band transponder) | Commercial | Liberation Tigers of Tamil Eelam (LTTE) | Illegal broadcast of Tamil Tigers (LTTE) propaganda | Political | [1] | |
2007 | Internet Hijacking | Data Comms | End users of government, military, research and pharmaceutical organizations | Military, Civilian, Government, Commercial | Russsian Turla Hacking group | “exploiting the vulnerability of asynchronous satellite internet connections to sniff traffic, distilling the IP addresses of satellite subscribers. All the attackers need then is to set up their servers with the same IPs, configure these addresses into their malware and, after a successful infection,wait for its call for C&C” | Criminal | [13] | |
2007 | Hijacking | Ground Segment | Czech TV programme | Commercial | Unknown | Camera;s which usually show imagery of Prague and other locations, one had a feed tampered with onsite and video stream was replaced.(Video showed CGI of small nuclear explosion and white noise) | Warning | [1] | |
2007 | Hijacking | Data Comms | WJLA’s digital/HD signals | Commercial | N/A Accidental | Grainy photo interrupted signals for two hours. Originally thought to be signal intrusion, was confirmed to be result of a malfunctioning HDTV encoder | Accident | [1] | |
2007 | CNE | Ground Segment | Goddard Space Flight Center | Government | Unknown | Attack affected networks which processed data from the Earth Observing system | State Espionage | [1] | |
2007 | Jamming | Space Segment | Landsat-7 | Government | Unknown | Satellite “experienced 12 or more minutes of interference” | Unknown | [14] | |
2007 | CNE | Space Segment | ISS computers | Government | Compromised laptop brought on by Russian astronaut | Unknown- virus was designed to steal credentials for popular games and send back to central server. SpaceRef:”Virus was never a threat to any of the computers used for cmd and cntl and no adverse effect on ISS Ops.” Also brought to light than no AV measures were present and that windows XP was still in use in the systems, which prompted use of Linux. | Accident | [15,16] | |
2007 | ASAT Incident | Space Segment | Chinese weather satellite | Government | China | Anti-satellite test with kinetic kill weapon destroyed defunct chinese weather satellite and created vast amounts of space debris | Satellite destruction | [17,18] | |
2008 | Control | Unknown (but Ground is hypothesised) | Terra EOS AM-1 satellite | Government | Unknown | Satellite experienced several minutes of interference and the capability for the attacker to command was achieved but no commands were given. This occurred twice in 2008, in June, then again in October. Report states that commercially operated ground stations may have been weak point, however KSAT deny this | State Espionage | [1,14] | |
2008 | Control | Unknown (but Ground is hypothesised) | Terra EOS AM-1 satellite | Government | Unknown | Satellite experienced several minutes of interference and the capability for the attacker to command was achieved but no commands were given. This occurred twice in 2008, in June, then again in October. | State Espionage | [1,14] | |
2008 | Control | Space Segment, Ground Segment | International Space Station | Government | Unknown | A trojan horse infected the Johnson Space Centre's computers which provide an uplink to the ISS to attackers, disrupting several systems on board. This was aided by the out-of-date software in use onboard the ISS | State Espionage | [1] | |
2008 | Jamming | Data Comms | Landsat-7 | Government | Unknown | Satellite “experienced 12 or more minutes of interference. The responsible party did not achieve all steps required to command the satellite” | Unknown | [1,14] | |
2008 | ASAT Incident | Space Segment | USA-193 recon satellite | Military | USA | USA-193 satellite failed shortly after launch in 2006. US military confirmed they had shot it down with a missile to destroy it | Satellite destruction | [19] | |
2009 | Hijacking | Data Comms | US Navy communication satellite frequencies | Military | Various- university professors, electricians, truckers and farmers | Hijack of frequencies for personal CB radio use | Personal use | [1] | |
2009 | Eavesdropping | Data Comms | US Military Predator Drones | Military | Iraqi Shi'a militia group | Insurgents captured unencrypted live video feeds from US military unmanned aircraft using a commercial software tool named SkyGrabber | State Espionage | [1] | |
2010 | Denial of Service (Accidental) | Ground Segment | Accidental – GPS receivers | Civilian, Military | GPS software update | software update to gps ground segment caused a denial of service , impacting several thousand receivers | Accident | [8,20] | |
2010 | Jamming | Data Comms | Persian-language satellite broadcasts | Commercial | Iranian source | Intentional jamming of broadcasts of BBC, Deutsche Welle and Eutelsat | Political | [1] | |
2011 | Jamming | Data Comms | LuaLua TV (Bahrani current affairs network) | Commercial, Civilian, Government | Within Bahrain | Jammed for four hours after first transmission | Political | [1,21] | |
2011 | Jamming | Data Comms | Thuraya satellites | Commercial | Libyan nationals | Signals jammed for six months, in an attempt to disrupt smuggling operations which used the Thuraya sat phones | Stop criminal activity | [1] | |
2011 | Jamming | Data Comms | Ethiopian Sat TV (ESAT) | Commercial | Ethiopian & Chinese Governments | Jammed ESAT signals by 2 governments | Political | [1] | |
2011 | CNE | Ground Segment | JPL | Government | Chinese IPs | Attack on JPL network, compromising credentials of employees, able to modify, add, delete files and users, full control over these networks. Another 46 APT attacks were reported, with 13 successfully compromising agency computers. | State Espionage | [22] | This plus another 13 successful attacks for NASA systems in 2011. |
2011 | Theft/Loss | Ground Segment | NASA unencrypted laptops | Government | Unknown | Disclosure of algorithms used to command ISS. Another 47 mobile computing devices reported lost or stolen between 2009 and 2011. | State Espionage | [22] | This plus another 47 incidents between 2009 and 2011 |
2011 | CNE | Ground Segment | European Space Agency | Government | Hacker TinKode | Posted screenshots of admin, FTP, network management credentials on internet mailing list | Hack and Leak | [23] | |
2012 | Jamming | Data Comms | Eritrean state-run sat TV | Government | Ethiopian Government (accused) | Blocked transmissions | Political | [1] | |
2012 | Denial of Service | Ground Segment | BBC Persia satellite feeds and phone lines | Commercial | Iran (suspected) | “suffered attempts to jam BBC Persian phone lines in London and a "sophisticated cyber-attack" on its systems.” | Political | [24] | |
2013 | Jamming | Data Comms | GPS receiver in Limo (civilian GPS) | Civilian | American Limo driver | Driver installed an illegal GPS jammer in his car to thwart the tracker in his car. Ended up jamming signals in s GPS-guidance system at Newark Airport | Personal use | [25] | |
2013 | Jamming | Data Comms | Al-Jazeera Egyptian broadcasts | Government (state-run media outlet) | Unknown but reported to have originated from outside Cairo | Jamming of Al-Jezeera egyptian TV signals | Political | [26] | |
2013 | Spoofing | Data Comms | GPS navigtaion system in a yacht | Civilian | Researchers | “ "proof-of-concept" attack was successfully performed in June, 2013, when the luxury yacht White Rose of Drachs was misdirected with spoofed GPS signals...which altered the course of the yacht”. | Research | [27] | |
2014 | Jamming | Data Comms | ARABSAT TV downlinks | Commercial | Ethiopian Source | Jammed signals which disturbed many TV channels- Arabsat speculated that it may be accidental and jammers were targeting nearby satellites as Arabsat doesn’t broadcast in Ethopia or Eritrea. | Political | [28] | |
2014 | CNE | Ground Segment | Germany’s space research centre in Cologne | Government | Unknown but state-level cyber actors | Suffered an intrusion, “malware on machines used by researchers and sysadmins” | State Espionage | [29] | |
2014 | CNE | Ground Segment | National Oceanic and Atmospheric Administration | Government | China (suspected) | Four websites were hacked, government was forced to shut down services, however purpose/impact of the attack was not made public | State Espionage | [30,31] | |
2014 | Hijacking | Data Comms | Isreali Channel 10 broadcasts | Commercial | Al-Qassam Brigades (Hamas) | Took over satellite feed to broadcast propaganda | Political | [32] | |
2015 | Eavesdropping | Data Comms | Iridium communications constellation | Commercial | Security Researchers | Iridium satellite constellation communications were analysed and decoded to reveal clear text pager information | Research | [33] | |
2015 | CNE | Ground Segment | ESA website and users | Government | Hacking group Anonymous | Published database schema of ESA website, with info relating to users, collaboraters and subscribers | Hack and Leak | [34] | |
2015 | CNE | Ground Segment | NASA | Government | Hacking collective Anonsec | Anonsec “bought access to an agency computer from another hacker.” and then used it to pivot into network. Published 250 GB dump of data. | Hack and Leak | [35] | |
2016 | Phishing/CNE | Ground Segment | Aerospace companies | Commercial, Government | APT28 hacking group (sponsored by Russian intelligence | attackers used “a phishing email to lure the user into downloading a file that looks like a PDF but instead is malicious executable code”. Contained trojan. | State Espionage & Corporate Espionage | [36,37] | |
2016 | Hijacking | Data Comms | Israeli Channel 2 broadcast | Commercial | Hamas | broadcast was “suddenly interrupted, and TV screens filled instead with images and messages of incitement from Hamas, which warned of fresh terror attacks.” | Political | [38] | |
2017 | Spoofing | Data Comms | Ships in Black Sea | Civilian | Russia (allegedly) | Maritime navigation systems onboard several vessels reported incorrect ship locations from false GPS signals. ““trying to trigger UAV geo-fencing, which prevents UAVs from flying near airports” | Geo-fencing | [39] | |
2017 | Jamming | Data Comms | Accidental- civilian GPS | Civilian | GPS jammer in parked car | Driver in France left an operational GPS jammer in his car which was parked at Nantes airport – interfered with aircraft tracking systems | Personal use | [40] | |
2017 | CNE/Phishing | Ground Segment | Aerospace companies | Commercial, Military | APT33 group (iran) | Phishing emails sent into aerospace companies to download trojan backdoor. | State Espionage & Corporate Espionage | [41] | |
2017 | Hijacking | Data Comms | Libyan Television broadcats | Commercial | Gaddafists | Broadcasts were interrupted by Gaddafists | Political | [42] | |
2017 | Spoofing | Data Comms | GPS time spoofing for TOTP authentication method | Civilian | Researchers | Able to spoof GPS timing in an air-gapped network to bypass TOTP authentication | Research | [43] | |
2018 | CNE | Ground Segment | Satellite Operator | Commercial | Computers in China, Thrip group | “looking for and infecting computers running software that monitors and controls satellites” to potentially disrupt satellite operations | Corporate Espionage | [44] | |
2018 | CNE | Ground Segment | NASA | Government | Unknown | “According to an internal memo circulated among staff on Tuesday, in mid-October the US space agency investigated whether or not two of its machines holding employee records had been compromised, and discovered one of them may have been infiltrated by miscreants. It was further feared that this sensitive personal data had been siphoned from the hijacked server.” | State Espionage | [45,46] | |
2019 | ASAT Incident | Space Segment | Microsat-R military satellite | Military | India | Microsat-R test satellite was destroyed in LEO by ASAT weapon | Satellite destruction | [47] |
Find below all references