When the Indian Space Research Organisation (ISRO) was trying to land the Chandrayaan 2 spacecraft’s Vikram lander on the Moon, the organisation was reportedly attacked by North Korean hackers.
According to a recent report by The Quint, ISRO was one of five government agencies to come under attack. However, officials from the Indian space agency denied that the attack impacted the Moon mission.
Reportedly, ISRO employees accidentally installed malware onto their systems after opening phishing emails from North Korean spammers.
“We know they were targeted, they got the link, they clicked on the link. That much we can confirm so far,” Yash Kadakia, founder of Security Bridge, a Mumbai-based cybersecurity company, told The Quint.
The attack was apparently conducted using Dtrack, a type of malware that US authorities believe is linked to the Lazarus group, which is controlled by the North Korean government.
According to a report by cybersecurity firm Kaspersky, the malware has been detected in financial institutions and research centres in 18 Indian states.
On 3 September, the National Cyber Coordination Center, which was set up to help the country deal with malicious cyber activities and cyber warfare, received information from a US-based cybersecurity company that a “threat actor” had used malware to breach master “domain controllers” at the Nuclear Power Corporation of India Limited’s (NPCIL) Kudankulam nuclear plant as well as ISRO.
The malware was later identified as Dtrack, and officials at both these government agencies were informed about the security breaches on 4 September, two days before the scheduled Chandrayaan 2 moon landing attempt.
Dtrack is a virus that has been developed by a North Korean hacker group called Lazarus. It allows hackers to gain complete control over a device and extract data remotely. The Dtrack RAT (remote administration tool) can infiltrate systems with weak network security policies and password standards. Once installed, it can access all available files and running processes, log keystrokes, and collect browser history and host IP addresses, including information about available networks and active connections.