American Institute of Aeronautics and Astronautics

    Breaking News – Malware Campaign Targeting Satellite Companies

    22 June 2018

    On June 19, 2018, Symantec announced that it had discovered a resurgent malware campaign that appears to have originated in China and that targeted, among others, aerospace companies. Symantec has tracked the entity conducting the attacks, known as “Thrip,” since 2013, but Thrip has increased its activities recently. The malware attempts to gain access to operational technology, including systems that control satellites. The group has targeted satellite companies, telecommunications companies, and defense contractors. Unlike most cyber attacks, Thrip's campaign targets the companies’ operational systems, not only the corporate data or customers of the company.

    Thrip decreased the likelihood of detection by traditional security tools and increased the chances of a successful attack by running simple scripts and shellcode directly in memory. Symantec’s Targeted Attack Analytics (TAA) toolset, which uses Artificial Intelligence (A.I.) and machine learning to understand operational cyberattacks and trends, was responsible for uncovering this campaign. Cybersecurity technologies increasingly use A.I. and analytics to identify and track malicious activity on the Internet and within corporate networks, as Protocol reported in its November 2017 issue.

    This new campaign comes as tensions between the U.S. and China over cybersecurity, trade, and other geopolitical issues have gained momentum. Among these issues, the U.S. Senate, House, and White House have been negotiating over a ban on the Chinese telecommunications giant ZTE as a security precaution against potential espionage operations in the U.S.

    This malware campaign highlights that attackers are increasingly targeting operational systems of companies and their products. This brings engineers, product developers, operators, and maintenance teams to the front lines of cybersecurity, requiring them to adopt cybersecurity best practices and incorporate techniques (including secure design) that emphasize assuring integrity and availability of systems and data. Those that are under attack must continue to search for innovative ways to protect satellites and other operational systems as part of a whole-of-enterprise effort.