Cygilant Blog

Hackers Used Satellites to Spy on Federal Departments

Posted by Vijay Basani on Sep 16, 2015

A Russian spy operation is using commercial satellite Internet connections to gather sensitive information from diplomatic and military agencies around the world. Cybersecurity research firm Kaspersky Lab suspects that the hackers have infected computers in 45 different countries. Their targets are mainly government agencies and embassies, and research and development departments at pharmaceutical companies. This Russian hacking group has been compared to the one that was able to hack the State Department, White House, and Pentagon earlier this year, although it has not been confirmed whether the two groups are associated. Researchers won’t say if the hackers are state sponsored, but do suspect that they are affiliated with the Russian government in some way.


The malware used to siphon data was created by a Russian-speaking hacker group called Venomous Bear. The group is also referred to as “Snake,” “Uroburos,” “Epic Turla,” and “Turla Group,” names taken from the rootkit and malware they used to get information. The malware, Turla, has been taking data from military and diplomatic targets in the United States, Europe, the Middle East, and Central Asia for eight years. The hackers were mainly looking to gather political and strategic intelligence.


Turla Group listens for downstream communications from a satellite using a cheap antenna-based system. The hackers then try to spot active IP addresses to hijack. Turla Group plants malicious software on a website that its target frequently visits. When the target visits the website, Turla Group gains control of the user’s computer. Data is then stolen from the target over the satellite link. The hackers have made highly sophisticated malware for both Windows and Linux operating systems.


Turla Group avoids law enforcement by using consumer satellite Internet connections in Middle Eastern and African countries. The satellite connections through different countries help shield the hackers’ identities. The hackers from Turla Group could be thousands of miles away from the satellites they exploited, across national borders. The users don’t even notice the data coming in because the hackers send the data to ports that aren’t often used. Turla Group doesn’t bother with hacking the user’s information. According to the Kaspersky researchers, the satellites prevent authorities from finding the command servers that the hackers are using.
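From inside a targeted network, the behaviour described above appears as outbound connections to addresses in satellite providers' ranges, often on seldom-used ports. The following is an added example, not code from Kaspersky or from the original post, that reviews flow records for such connections; the address ranges, the list of common ports, and the log format are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed placeholder ranges (RFC 5737 documentation space) standing in
# for satellite Internet providers' address blocks; a real deployment would
# load the providers' registry-listed ranges instead.
SATELLITE_RANGES = [ipaddress.ip_network(n)
                    for n in ("198.51.100.0/24", "203.0.113.0/25")]
# Destination ports treated as ordinary for outbound traffic (assumption).
COMMON_PORTS = {25, 53, 80, 123, 443}
# Constructed flow records in an assumed format: "src_ip dst_ip dst_port bytes_out"
SAMPLE_FLOWS = """\
10.0.4.17 203.0.113.40 16080 48211
10.0.4.17 203.0.113.40 16080 51987
10.0.4.22 192.0.2.10 443 1200
10.0.7.5 198.51.100.9 443 830
10.0.7.5 203.0.113.200 16080 400
bad line here
10.0.9.1 198.51.100.77 2053 90455
"""

def find_satellite_flows(text):
    """Aggregate flows whose destination lies in a listed satellite range."""
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "uncommon_port": False})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of aborting the review
        try:
            dst = ipaddress.ip_address(parts[1])
            port, nbytes = int(parts[2]), int(parts[3])
        except ValueError:
            continue
        if not any(dst in net for net in SATELLITE_RANGES):
            continue
        rec = hits[(parts[0], parts[1], port)]
        rec["flows"] += 1
        rec["bytes"] += nbytes
        rec["uncommon_port"] = port not in COMMON_PORTS
    return dict(hits)

def prioritized(hits):
    """Order for triage: uncommon-port destinations first, then by bytes sent."""
    return sorted(hits.items(),
                  key=lambda kv: (not kv[1]["uncommon_port"], -kv[1]["bytes"]))

if __name__ == "__main__":
    for (src, dst, port), rec in prioritized(find_satellite_flows(SAMPLE_FLOWS)):
        print(src, dst, port, rec)
```

A match is a lead for investigation rather than proof of compromise, since legitimate services can also sit behind satellite links.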


The flaw in this plan for the hackers, though, is that their connection speed is slower since they’re using someone else’s connection. When the user logs off, the hacker’s connection gets terminated as well. Despite the flaws, the hackers continue to use satellites to gather information because it is so hard for the authorities to identify them.


Russia and Kazakhstan have the highest infection rate from this virus. The United States, China, and Vietnam have the second highest infection rates. Ukraine, Brazil, and Saudi Arabia are among the countries that have the lowest infection rates. Turla Group also focuses on pilfering data from countries that were formerly in the Eastern Bloc. The researchers have noticed that Turla Group is one of the more selective hacking groups. The hackers that are a part of Turla Group have put a lot of effort into maintaining and investing in their infrastructure and keeping it anonymous.


The SecureVue cybersecurity and information assurance platform from EiQ Networks offers government agencies the tools they need to protect their departments from hackers. SecureVue offers cyber analytics through an optimized, self-contained database that is highly efficient and requires no maintenance. With SecureVue, government agencies can have continuous DISA STIG & USGCB monitoring, and save time through automated benchmark checks. Automated checks let government agencies increase accuracy and reduce their reliance on manual data collection and processing. SecureVue also alerts Information Assurance Managers about suspicious or unusual activity in a timely manner, so they can act quickly. EiQ’s SecureVue platform is designed to help federal agencies keep their information safe from data breaches.

Tags: Hacking, SecureVue, Federal Government
