Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Japan Aerospace Exploration Agency hit again by malware

The New Your Times has recently published the news the Japan Aerospace Exploration Agency was hit by a virus that stolen secret information on newest rockets from an internal computer. The precious information was stored from a computer in Tsukuba Space Center located in northeast area of Tokyo, where it has been detected a malware that […]

Japan Aerospace Exploration Agency hit again by malware

The New Your Times has recently published the news the Japan Aerospace Exploration Agency was hit by a virus that stolen secret information on newest rockets from an internal computer. The precious information was stored from a computer in Tsukuba Space Center located in northeast area of Tokyo, where it has been detected a malware that was stealing information. The stolen data includes details on ongoing projects such as the Epsilon project, a solid-fuel rocket, this last feature is desirable for the attackers due the possible implication in military use.

The Japanese Epsilon project, started two years ago, is very innovative, it’s new generation of rockets superior to the existing H-IIA rocket due to its reduced size that allow the shipment into orbit of satellite at a quarter of actual launch cost. But reduced dimension means also major capacity of manageability in military, solid-fuel rockets could in fact be used in military as intercontinental ballistic missiles.

The incident happened last November 21th , security experts detected a malicious agent inside the network of the agency that silently stolen data related to advanced projects of the agency. Immediately was started the procedure to sanitize the internal network and to conduct the necessary forensic analysis. It’s not clear the real intent of the offensive that appears to be a targeted attack to steal intellectual property.

This is the second time during this year that Japan Aerospace Exploration Agency is hit by a cyber attack, last time a virus stole sensible information related another technological advanced project related to the design of an unmanned vessel that ferries cargo to the International Space Station, the “H-2 Transfer Vehicle”.

The Epsilon rocket will be launched next autumn but as highlighted by New York Times it is a complex project with a meaningful technological component and innovative contents. We must consider that Japan industry has been victims of different attacks during last year that used different instances of known viruses hitting mainly defense companies.

Following a shot list of known events :

     
Mitsubishi Heavy Industries (defense contractor) August 2011 Companies networks infected by malware that sent outside information on defense systems.
Japan’s lower house of parliament October 2011 A cyber espionagecampaign originated from China exposed sensible information at least a month.The infection was possible thanks phishing campaign against Lower House member started in July. Also in this case a malware was used for the attack.
Japan Aerospace Exploration Agency January 2012 Malware infected a data terminal at Japan’s space agency stealing sensitive information including data related to H-2 Transfer Vehicle
The Japanese Finance Ministry July 2012 The Japanese Finance Ministry declares that its computers have been infected with a virus in the from 2010 to 2011 causing leaks of information.

 

Some attacks were originated from China, the nation most active in cyber espionage, and it’s my opinion that we are facing with the tip of the iceberg, the Elderwood project is the demonstration that groups of hackers are exploiting zero-day vulnerabilities to steal sensible information and to exploit systems inside critical infrastructures.

Similar events are on the agenda, some revealed, others rightly kept secret, the prevention is crucial, fundamental is the definition of protective and efficient countermeasures and the adoption and diffusion of security best practices.

Pierluigi Paganini

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Japan Aerospace Exploration Agency, malware)