
Hacktivism Goes Orbital: Investigating NB65's Breach of ROSCOSMOS

Rajiv Thummala, Gregory Falco

TL;DR

The paper investigates NB65's claimed breach of ROSCOSMOS by analyzing released primary sources to infer ground-segment vulnerabilities, notably in WSO2 components and the Log4j2 RCE vector. It builds an estimated cyber kill chain from reconnaissance to objective, while noting substantial questions about claim validity given official denials. The analysis underscores the potential for hacktivism to threaten space infrastructure and the risk of data exfiltration and disruption through compromised ground systems. The authors advocate strengthened patch management, redundant and isolated ground segments, and international space-cybersecurity standards to mitigate similar threats.

Abstract

In March of 2022, Network Battalion 65 (NB65), a hacktivist affiliate of Anonymous, publicly asserted its successful breach of ROSCOSMOS's satellite imaging capabilities in response to Russia's invasion of Ukraine. NB65 disseminated a series of primary sources as substantiation, proclaiming the incapacitation of ROSCOSMOS's space-based vehicle monitoring system and doxing of related proprietary documentation. Despite the profound implications of hacktivist incursions into the space sector, the event has garnered limited attention due to the obscurity of technical attack vectors and ROSCOSMOS's denial of NB65's allegations. Through analysis of NB65's released primary sources of evidence, this paper uncovers the probable vulnerabilities and exploits that enabled the alleged breach into ROSCOSMOS's ground and space segment. Additionally, we highlight lessons learned and the consequences this event has for the global aerospace community.

Paper Structure (14 sections, 5 figures)


Figures (5)

  • Figure 1: NB65's Manifesto (March 1st, 2022). Source: https://twitter.com/xxnb65/status/1498563301525102594