In part of the Space Cybersecurity Open Project, we publish below a Space Attacks Open Database. This first version is the result of the work of several researchers :
Mark Manulis, R. Harrison & Venkkatesh Sekar (Surrey Centre for Cyber Security, University of Surrey, Guildford, UK), Christopher P. Bridges (Surrey Space Centre, University of Surrey, Guildford, UK) and Andy Davis (NCC Group, Manchester, UK), authors of « Cyber Security in New Space« , within which we can find a link to an electronic supplementary material that contains a list of Space Attacks.
I have to mention Prof. Gregory Falco (Cybersecurity Research Fellow, Harvard University; Research Scholar, Stanford University; Research Affiliate, MIT) and one of his student but also Harrison Caudill and Jim Volp from OSA (Orbital Security Alliance) who are working hard on a such Database.
Our goal is to reference the latest known Space Attacks in order to maintain an up to date Database with the contribution of the Community.
If you want to contribute to this project or if you want to inform us about new space attacks, contact us with the following form.
Some terms explanation
Computer network exploitation (CNE) is a technique through which computer networks are used to infiltrate target computers’ networks to extract and gather intelligence data. It enables the exploitation of the individual computers and computer networks of an external organization or country in order to collect any sensitive or confidential data, which is typically kept hidden and protected from the general public.
Hijack attack, in communication, is a form of active wiretapping in which the attacker seizes control of a previously established communication association.
Jamming is a form of electronic anti-satellite (ASAT) attack that interferes with communications traveling to and from a satellite by emitting noise of the same radio frequency (RF) within the field of view of the satellite’s antennas
The term « eavesdropping » is used to refer to the interception of communication between two parties by a malicious third party.
Date
Type of Attack
Segment
Target
Type of Target
Origin
Impact
Intent
References
Date
Type of Attack
Segment
Target
Type of Target
Origin
Impact
Intent
References
1977
Hijacking
Data Comms
ITM new broadcast (audio)
Commercial
Unknown
Audio was replaced by one which warned humankind’s current path would lead to a bad future
Warning
[1]
1985
Hijacking
Data Comms
State-run television broadcasts in Torun
Government
Academics
Superimposed political messages onto TV broadcasts
Political
[2]
1986
Hijacking
Ground Segment
Home Box Office (HBO) satellite TV network - Galaxy 1 satellite
Commercial
Single insider
Disrupted uplink and displayed messages for 4 to 5 minutes of HBO on US East coast
Warning
[3]
1987
Hijacking
Data Comms
PlayBoy Channel
Commercial
Insider from Christian Broadcasting Network
Signal was hijacked/jammed – character generator and transmitter at CBN matched the tape recording of the jamming
Warning
[1]
1987
Hijacking
Data Comms
Chicago-based TV broadcasts
Commercial
Unknown
Max Headroom impersonator hijacked TV signals for two chicago-based stations.
Unknown
[1]
1995
Jamming
Data Comms
Kurdish satellite TV channel MED-TV
Commercial
Turkey
Transmissions of MED-TV from the Eutelsat satellite were jammed intentionally as it was believed to be a ``mouthpiece" for terrorist groups.
Political
[1]
1997
Jamming
Data Comms
Communication satellite APSTAR-1A
Government
Indonesia
Indonesian satellite transmitted interference to jam APSTAR-1A due to its use of a disputed orbital slot cite
Political
[1,4]
1997
CNE
Ground Segment
NASA
Government
Unknown
Cyber attack on NASA’s Goddard Space Flight Centre – able to control computers which designed and tested command and control codes, and then transferred information overseas
State Espionage
[1]
1998
Control
Space Segment
US-German ROSAT satellite
Government
Russia (allegedly)
Satellite turned towards the sun, damaging itself and rendering itself useless. Linked (tenuously) to a intrusion at the Goddard Space Flight Centre. Could have also been a malfunction?
Unknown
[1]
1998
CNE
Ground Segment
Pentagon network
Government, Military
Hacking Group Masters of Downloading
Hacking group claimed to have stolen satellite control software from Pentagon network – Pentagon denies this but revealed that a less secure network containing sensitive information had been breached. Also the group was considering “selling the information to international terrorist groups or foreign governments”
Criminal- selling information on for esp/terrorism
[1]
1998
Denial of Service (Accidental)
Space Segment
PANAMSAT Galaxy 4 sat
Commercial
N/A Accidental
On-board processor anomaly disabled 80-90% of pagers across US for 2-4 days, blocked credit card transactions.
Accident
[1]
2000
Jamming
Data Comms
British and US military tanks
Military
French Security Agency
GPS navigation signals used in British and US military tanks were jammed in tank trial for the Greek army. intended to make US and British tanks look inferior to others so that Grecian military chose other tanks.
State Espionage
[1,5]
2001
CNE
Ground Segment
NASA facilities
Government
British Hacker Gary Mckinnon
Exploited default credentials to gain access to networks at five NASA facilities
Hack and Leak
[6]
2002
Hijacking
Data Comms
Chinese satellite TV broadcasts
Commercial
Falun Gong cult
“Television signals illegally broadcast by the Falun Gong cult cut into transmissions using the Sino Satellite (SINOSAT) from June 23 to 30, blocking the World Cup finals for viewers in some rural and remote areas in China.”
Political
[7]
2002
CNE
Ground Segment
Marshall Space Flight Center
Government
China (suspected)
Intruder was able to penetrate into the network and steal design of rocket engines
State Espionage
[1]
2002
Jamming
Data Comms
Accidental- civilian GPS
Civilian
Poorly installed CCTV camera by man from Douglas
Accidental interference from poorly installed CCTV camera blocked GPS signals within a kilometre.
Accident
[8]
2002
Eavesdropping
Data Comms
NATO surveillance
Military
Radio Amateur
Radio Amateur from England was able to eavesdrop on satellite signals from NATO surveillance flights
Research
[9]
2003
Jamming
Data Comms
Telstar 12 satellite TV transmissions
Civilian
Iran and Cuba
US-sponsered news transmissions by the Telstar 12 satellite into Iran were disrupted by a Cuban electronic-intelligence facility
Political
[10]
2004
Hijacking
Data Comms
Chinese satellite TV broadcasts
Commercial
Falun Gong cult
“On Saturday evening, television programmes promoting Falun Gong appeared on the feed beamed into China from a satellite owned by the Hong Kong company AsiaSat.”
Political
[11]
2005
Jamming
Data Comms
Satellite radio station ``Sout Libya" uplinks to the Eutelsat HotBird and Telstar 12 satellites
Civilian
Libyan Government
Within minutes of the Sout Libya radio station broadcasting, the Libyan government jammed the radio station's signal with a high-powered one. This jamming also affected many British and European TV and radio station and is alleged to have disrupted American communications as well. Same behaviour observed when Sout Libya changed satellite provider cite.
Political
[12]
2005
CNE
Ground Segment
Kennedy Space Center’s Vehicle Assembly Building, NASA satellite control complex in Maryland, Johnson Space Center in Houston
Government
Taiwan (suspected)
Malware gathered data from computers in the VAB, then spread to other networks in Maryland and Houston. 20 GB of compressed data was sent to Taiwan
State Espionage
[1]
2005
Jamming
Data Comms
Telecom satellites
Commercial, Government, Military
Libyan Government
Disrupted signal for several TV and radio stations which served Britain and Europe and American diplomatic, military and FBI comms
Political
[1]
2006
Hijacking
Data Comms
Al Manar TV station
Commercial
Israel (state-sponsored)
Disrupted transmission to broadcast ant-Hezbollah propaganda
Political
[1]
2006
Jamming
Data Comms
Thuraya mobile sat comms
Commercial
Libyan nationals
Signals jammed for six months, in an attempt to disrupt smuggling operations which used the Thuraya sat phones
Stop criminal activity
[1]
2006
Phishing/CNE
Ground Segment
NASA employees
Government
Unknown
NASA officials opened an email and clicked on a link which then infected and compromised workstations at their Washington headquarters. This allowed access to files containing cutting-edge satellite research
State Espionage
[1]
2007
Hijacking
Data Comms
Satellite TV broadcast(Intelsat satellite vacant Ku-band transponder)
Commercial
Liberation Tigers of Tamil Eelam (LTTE)
Illegal broadcast of Tamil Tigers (LTTE) propaganda
Political
[1]
2007
Internet Hijacking
Data Comms
End users of government, military, research and pharmaceutical organizations
Military, Civilian, Government, Commercial
Russsian Turla Hacking group
“exploiting the vulnerability of asynchronous satellite internet connections to sniff traffic, distilling the IP addresses of satellite subscribers. All the attackers need then is to set up their servers with the same IPs, configure these addresses into their malware and, after a successful infection,wait for its call for C&C”
Criminal
[13]
2007
Hijacking
Ground Segment
Czech TV programme
Commercial
Unknown
Camera;s which usually show imagery of Prague and other locations, one had a feed tampered with onsite and video stream was replaced.(Video showed CGI of small nuclear explosion and white noise)
Warning
[1]
2007
Hijacking
Data Comms
WJLA’s digital/HD signals
Commercial
N/A Accidental
Grainy photo interrupted signals for two hours. Originally thought to be signal intrusion, was confirmed to be result of a malfunctioning HDTV encoder
Accident
[1]
2007
CNE
Ground Segment
Goddard Space Flight Center
Government
Unknown
Attack affected networks which processed data from the Earth Observing system
State Espionage
[1]
2007
Jamming
Space Segment
Landsat-7
Government
Unknown
Satellite “experienced 12 or more minutes of interference”
Unknown
[14]
2007
CNE
Space Segment
ISS computers
Government
Compromised laptop brought on by Russian astronaut
Unknown- virus was designed to steal credentials for popular games and send back to central server. SpaceRef:”Virus was never a threat to any of the computers used for cmd and cntl and no adverse effect on ISS Ops.” Also brought to light than no AV measures were present and that windows XP was still in use in the systems, which prompted use of Linux.
Accident
[15,16]
2007
ASAT Incident
Space Segment
Chinese weather satellite
Government
China
Anti-satellite test with kinetic kill weapon destroyed defunct chinese weather satellite and created vast amounts of space debris
Satellite destruction
[17,18]
2008
Control
Unknown (but Ground is hypothesised)
Terra EOS AM-1 satellite
Government
Unknown
Satellite experienced several minutes of interference and the capability for the attacker to command was achieved but no commands were given. This occurred twice in 2008, in June, then again in October. Report states that commercially operated ground stations may have been weak point, however KSAT deny this
State Espionage
[1,14]
2008
Control
Unknown (but Ground is hypothesised)
Terra EOS AM-1 satellite
Government
Unknown
Satellite experienced several minutes of interference and the capability for the attacker to command was achieved but no commands were given. This occurred twice in 2008, in June, then again in October.
State Espionage
[1,14]
2008
Control
Space Segment, Ground Segment
International Space Station
Government
Unknown
A trojan horse infected the Johnson Space Centre's computers which provide an uplink to the ISS to attackers, disrupting several systems on board. This was aided by the out-of-date software in use onboard the ISS
State Espionage
[1]
2008
Jamming
Data Comms
Landsat-7
Government
Unknown
Satellite “experienced 12 or more minutes of interference. The responsible party did not achieve all steps required to command the satellite”
Unknown
[1,14]
2008
ASAT Incident
Space Segment
USA-193 recon satellite
Military
USA
USA-193 satellite failed shortly after launch in 2006. US military confirmed they had shot it down with a missile to destroy it
Satellite destruction
[19]
2009
Hijacking
Data Comms
US Navy communication satellite frequencies
Military
Various- university professors, electricians, truckers and farmers
Hijack of frequencies for personal CB radio use
Personal use
[1]
2009
Eavesdropping
Data Comms
US Military Predator Drones
Military
Iraqi Shi'a militia group
Insurgents captured unencrypted live video feeds from US military unmanned aircraft using a commercial software tool named SkyGrabber
State Espionage
[1]
2010
Denial of Service (Accidental)
Ground Segment
Accidental – GPS receivers
Civilian, Military
GPS software update
software update to gps ground segment caused a denial of service , impacting several thousand receivers
Accident
[8,20]
2010
Jamming
Data Comms
Persian-language satellite broadcasts
Commercial
Iranian source
Intentional jamming of broadcasts of BBC, Deutsche Welle and Eutelsat
Political
[1]
2011
Jamming
Data Comms
LuaLua TV (Bahrani current affairs network)
Commercial, Civilian, Government
Within Bahrain
Jammed for four hours after first transmission
Political
[1,21]
2011
Jamming
Data Comms
Thuraya satellites
Commercial
Libyan nationals
Signals jammed for six months, in an attempt to disrupt smuggling operations which used the Thuraya sat phones
Stop criminal activity
[1]
2011
Jamming
Data Comms
Ethiopian Sat TV (ESAT)
Commercial
Ethiopian & Chinese Governments
Jammed ESAT signals by 2 governments
Political
[1]
2011
CNE
Ground Segment
JPL
Government
Chinese IPs
Attack on JPL network, compromising credentials of employees, able to modify, add, delete files and users, full control over these networks. Another 46 APT attacks were reported, with 13 successfully compromising agency computers.
State Espionage
[22]
This plus another 13 successful attacks for NASA systems in 2011.
2011
Theft/Loss
Ground Segment
NASA unencrypted laptops
Government
Unknown
Disclosure of algorithms used to command ISS. Another 47 mobile computing devices reported lost or stolen between 2009 and 2011.
State Espionage
[22]
This plus another 47 incidents between 2009 and 2011
2011
CNE
Ground Segment
European Space Agency
Government
Hacker TinKode
Posted screenshots of admin, FTP, network management credentials on internet mailing list
Hack and Leak
[23]
2012
Jamming
Data Comms
Eritrean state-run sat TV
Government
Ethiopian Government (accused)
Blocked transmissions
Political
[1]
2012
Denial of Service
Ground Segment
BBC Persia satellite feeds and phone lines
Commercial
Iran (suspected)
“suffered attempts to jam BBC Persian phone lines in London and a "sophisticated cyber-attack" on its systems.”
Political
[24]
2013
Jamming
Data Comms
GPS receiver in Limo (civilian GPS)
Civilian
American Limo driver
Driver installed an illegal GPS jammer in his car to thwart the tracker in his car. Ended up jamming signals in s GPS-guidance system at Newark Airport
Personal use
[25]
2013
Jamming
Data Comms
Al-Jazeera Egyptian broadcasts
Government (state-run media outlet)
Unknown but reported to have originated from outside Cairo
Jamming of Al-Jezeera egyptian TV signals
Political
[26]
2013
Spoofing
Data Comms
GPS navigtaion system in a yacht
Civilian
Researchers
“ "proof-of-concept" attack was successfully performed in June, 2013, when the luxury yacht White Rose of Drachs was misdirected with spoofed GPS signals...which altered the course of the yacht”.
Research
[27]
2014
Jamming
Data Comms
ARABSAT TV downlinks
Commercial
Ethiopian Source
Jammed signals which disturbed many TV channels- Arabsat speculated that it may be accidental and jammers were targeting nearby satellites as Arabsat doesn’t broadcast in Ethopia or Eritrea.
Political
[28]
2014
CNE
Ground Segment
Germany’s space research centre in Cologne
Government
Unknown but state-level cyber actors
Suffered an intrusion, “malware on machines used by researchers and sysadmins”
State Espionage
[29]
2014
CNE
Ground Segment
National Oceanic and Atmospheric Administration
Government
China (suspected)
Four websites were hacked, government was forced to shut down services, however purpose/impact of the attack was not made public
State Espionage
[30,31]
2014
Hijacking
Data Comms
Isreali Channel 10 broadcasts
Commercial
Al-Qassam Brigades (Hamas)
Took over satellite feed to broadcast propaganda
Political
[32]
2015
Eavesdropping
Data Comms
Iridium communications constellation
Commercial
Security Researchers
Iridium satellite constellation communications were analysed and decoded to reveal clear text pager information
Research
[33]
2015
CNE
Ground Segment
ESA website and users
Government
Hacking group Anonymous
Published database schema of ESA website, with info relating to users, collaboraters and subscribers
Hack and Leak
[34]
2015
CNE
Ground Segment
NASA
Government
Hacking collective Anonsec
Anonsec “bought access to an agency computer from another hacker.” and then used it to pivot into network. Published 250 GB dump of data.
Hack and Leak
[35]
2016
Phishing/CNE
Ground Segment
Aerospace companies
Commercial, Government
APT28 hacking group (sponsored by Russian intelligence
attackers used “a phishing email to lure the user into downloading a file that looks like a PDF but instead is malicious executable code”. Contained trojan.
State Espionage & Corporate Espionage
[36,37]
2016
Hijacking
Data Comms
Israeli Channel 2 broadcast
Commercial
Hamas
broadcast was “suddenly interrupted, and TV screens filled instead with images and messages of incitement from Hamas, which warned of fresh terror attacks.”
Political
[38]
2017
Spoofing
Data Comms
Ships in Black Sea
Civilian
Russia (allegedly)
Maritime navigation systems onboard several vessels reported incorrect ship locations from false GPS signals. ““trying to trigger UAV geo-fencing, which prevents UAVs from flying near airports”
Geo-fencing
[39]
2017
Jamming
Data Comms
Accidental- civilian GPS
Civilian
GPS jammer in parked car
Driver in France left an operational GPS jammer in his car which was parked at Nantes airport – interfered with aircraft tracking systems
Personal use
[40]
2017
CNE/Phishing
Ground Segment
Aerospace companies
Commercial, Military
APT33 group (iran)
Phishing emails sent into aerospace companies to download trojan backdoor.
State Espionage & Corporate Espionage
[41]
2017
Hijacking
Data Comms
Libyan Television broadcats
Commercial
Gaddafists
Broadcasts were interrupted by Gaddafists
Political
[42]
2017
Spoofing
Data Comms
GPS time spoofing for TOTP authentication method
Civilian
Researchers
Able to spoof GPS timing in an air-gapped network to bypass TOTP authentication
Research
[43]
2018
CNE
Ground Segment
Satellite Operator
Commercial
Computers in China, Thrip group
“looking for and infecting computers running software that monitors and controls satellites” to potentially disrupt satellite operations
Corporate Espionage
[44]
2018
CNE
Ground Segment
NASA
Government
Unknown
“According to an internal memo circulated among staff on Tuesday, in mid-October the US space agency investigated whether or not two of its machines holding employee records had been compromised, and discovered one of them may have been infiltrated by miscreants. It was further feared that this sensitive personal data had been siphoned from the hijacked server.”
State Espionage
[45,46]
2019
ASAT Incident
Space Segment
Microsat-R military satellite
Military
India
Microsat-R test satellite was destroyed in LEO by ASAT weapon
