Fixxx
Moderator
- Joined
- Aug 21, 2024
- Messages
- 769
- Reaction score
- 3,665
- Points
- 93
Spacecom, the Israeli company operating the AMOS satellite fleet, has been claimed by a hacker gang, which claims it obtained access to the company’s ground control stations. However, researchers believe the attacker's claims are not entirely earthly. Spacecom was posted on the pro-Palestinian hacker group Handala’s dark web blog, which the gang uses to showcase its latest victims. The attackers claim they’ve obtained hundreds of gigabytes of data from the company’s systems, including data from ground stations, an essential part of the infrastructure needed to control satellites. Spacecom operates several satellites, called AMOS, which allow the company to provide civilian and military communication services in the Middle East, the EU, and other regions. The company’s revenue hovers around $100 million.
According to Handala, the alleged data breach involves 379GB of data, which includes information from numerous ground stations across several countries. The group has also shared an additional post that supposedly reveals personal details about the company’s employees. The Cybernews research team investigated the data sample that the attackers provided. According to the team, the screenshots on the dark web include pictures of NDA agreements between Spacecom and its clientele. These mostly refer to the clients who use AMOS-17 for telecommunications. Contracts include specifications of plans offered, which could not be considered very sensitive.
The team believes that the information could mainly be used for social engineering attacks targeting the company’s staff.
Meanwhile, Handala is a pro-Tehran hacktivist group that targets Israeli and Western organizations. Similar to ransomware gangs, the group operates a dark web blog, which it utilizes to post stolen data. Earlier this year, the group targeted Iran International, one of the nation's only sources of independent news.
*attackers' post on the dark web.
Spacecom data breach: what the attackers claim
According to Handala, the alleged data breach involves 379GB of data, which includes information from numerous ground stations across several countries. The group has also shared an additional post that supposedly reveals personal details about the company’s employees. The Cybernews research team investigated the data sample that the attackers provided. According to the team, the screenshots on the dark web include pictures of NDA agreements between Spacecom and its clientele. These mostly refer to the clients who use AMOS-17 for telecommunications. Contracts include specifications of plans offered, which could not be considered very sensitive.
“Handala attached a compressed folder containing around 960MB of data. It consists of RINEX observation & navigation files, which look like just satellite logs, and could be useful to monitor operations in real time. However, for this information to be useful, additional sensitive info is required,” the researchers explained.
The team believes that the information could mainly be used for social engineering attacks targeting the company’s staff.
“The evidence that they indeed have some highly confidential data or sensitive systems that can control the company's satellites is not that convincing. However, the company should be quick to patch any systems that may have been targeted,” said researchers.
Meanwhile, Handala is a pro-Tehran hacktivist group that targets Israeli and Western organizations. Similar to ransomware gangs, the group operates a dark web blog, which it utilizes to post stolen data. Earlier this year, the group targeted Iran International, one of the nation's only sources of independent news.