Japanese space agency spots unspecified zero-day attacks

The Japanese Space Exploration Agency (JAXA) discovered it was under attack using zero-day exploits while working with Microsoft to probe a 2023 cyberattack on its systems.

JAXA’s systems came under attack in late 2023, with its Active Directory implementation taking the brunt of it.

An investigation ensued, and saw networks taken offline to verify that no classified data on rockets, satellites, or national security was compromised.

Unauthorized access to Microsoft 365 (M365) was found to be the start of the incident. JAXA asked Microsoft to help with the probe and together found no further breaches, the agency revealed.

But the space org’s statement also revealed the discovery of malware found and removed by an actor other than Microsoft. And then there’s the mention of zero-day attacks in the last sentence of a section about countermeasures the agency adopted, such as closer network monitoring and improved remote access security.

“In the course of taking the above measures and strengthening monitoring, we have detected and responded to multiple unauthorized accesses to JAXA's network since January of this year (including zero-day attacks), though no information was compromised,” the statement reads.

The 2023 breach did provide the attackers with some information hosted in JAXA's MS365 service, including personal information.

Luckily, the compromised systems are believed to not include sensitive information related to launch vehicles and satellite operations. The space agency also dismissed potential impact on cooperation with domestic and international partners from the attack.

Because the attacker used multiple unknown strains of malware, it was difficult to detect the unauthorized access, explained JAXA. Initial entry to JAXA's internal servers and computers was likely gained by exploiting a VPN vulnerability. The attacker then expanded its unauthorized access and compromised the space agency’s user account information. That account information in turn was used to access the MS365 services.

The newly found cyberattacks add to a growing list for JAXA. The agency was breached in both 2016 and 2012. The 2016 attack led to the arrest of a Chinese national affiliated with the Chinese Communist Party (CCP) and living in Japan.

The 2023 attack has not publicly been attributed to a person or organization. Considering the 2016 attack took five years before legal action was taken, that may still be a while coming. ®

Source: theregister.com
