"CISA Researchers: Russia's Fancy Bear Infiltrated US Satellite Network"

Researchers at the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) recently detected Russian hackers lurking within a US satellite network, raising new fears about Moscow's plans to infiltrate and disrupt the space industry. Researchers linked the attack to the Russian military group known as Fancy Bear, also known as APT28. The attack involved a satellite communications provider with clients in critical infrastructure sectors in the US. In response to a warning concerning strange network behavior, CISA researchers discovered hackers in the satellite network. MJ Emanuel, a CISA incident response analyst who discussed the event at the CYBERWARCON cybersecurity conference last month, stated that Fancy Bear appears to have been in the victim's networks for months. Space security is a growing worldwide concern, particularly as businesses and militaries rely more on satellites for essential communications, the Global Positioning System (GPS), and Internet access. For example, prior to the February Russian invasion, Internet access in Ukraine was affected by a hack targeting the US telecommunications company Viasat, which offers Internet services throughout Europe. This strike, which officials attributed to Russia, is one of the most significant digital attacks of the war, prompting a warning from the FBI and CISA over the possibility of further Russian infiltration of satellite systems. The satellite network intrusion discovered by CISA is a prime example of the type of insufficient security that might provide intruders with access to networks. Fancy Bear apparently exploited a 2018 vulnerability found in an unpatched Virtual Private Network (VPN), allowing its hackers to harvest all active session credentials. This article continues to discuss the infiltration of a US satellite network by Fancy Bear. 

CyberScoop reports "CISA Researchers: Russia's Fancy Bear Infiltrated US Satellite Network"