The ambitious but ultimately unsuccessful Chandrayaan-2 lunar landing mission of the Indian Space Research Organization (ISRO) was allegedly sabotaged by North Korea, Indian cyber-security experts claim.
ISRO officials, however, have denied that the mission failed because of a malware attack, saying that its systems were not affected at all.
It is believed that the infamous North Korean hacker group Lazarus attacked ISRO’s systems around the same time when the organization was trying to send a spacecraft to the moon.
Notably, ISRO had been alerted to the suspected malware attack earlier in 2019, but the organization reportedly ignored the warning and took no concrete steps to mitigate the threat.
According to a report in the Indian Express, the Kudankulam Nuclear Power Plant (KNPP) in Tamil Nadu was attacked along with ISRO.
Analysts assessed that the attack was launched through phishing emails sent to senior officials.
The threat was confirmed by the Indian Computer Emergency Response Team (CERT-In); despite the notification, however, ISRO failed to counter it.
Yash Kadakia, founder of the Indian cyber-security firm Security Brigade, told the Financial Times that the emails were loaded with malware and were sent to at least five government agencies, including KNPP and ISRO.
“They targeted senior officials with emails that had malware attachments relevant to their subject,” Kadakia said, adding that, had it been successfully installed, the malware could easily have hijacked the recipient’s email ID, allowing the hackers to send further emails from that account.
ISRO employees reportedly opened the infected emails sent by the North Korean hackers, installing the malware on their systems.
Cyber-security experts also say the government organizations were attacked with DTrack malware, a tool specifically linked to Lazarus, a group believed to be working for the North Korean government.
This is not the first time the Lazarus group has been accused of a large-scale malware attack.
In 2018, it was accused of targeting banks and other financial institutions to steal Bitcoin.
The attacks will raise concern that suspected North Korean hackers are targeting the critical infrastructure of foreign countries to disrupt operations, steal technology or sell information.
Narendra Modi, India’s prime minister, has championed the country as an elite space power.
But the Chandrayaan-2 mission, which was to be the first to land near the unexplored south pole of the moon, ended in failure about seven weeks after it was launched.
An ISRO official said its core systems were isolated from the attack.
“We have an internal network which is 100 per cent isolated from the internet,” the official said.
Hackers have been hitting India’s atomic agencies since 2018, using phishing emails containing malware, said Simon Choi of Issuemakers Lab, a non-profit intelligence organisation based in Seoul that monitors North Korean hackers.
Mr Choi said he had data showing the emails had targeted senior members of the Indian nuclear energy industry, including Shiv Abhilash Bhardwaj, former chairman of the Atomic Energy Regulatory Board, and Anil Kakodkar, former director of the Atomic Energy Commission of India.
He added the attack on the Kudankulam nuclear power plant had also employed phishing emails.
Mr Bhardwaj was not immediately available for comment. Mr Kakodkar said he had only “read this from newspapers and I have no further information”.
Mr Choi said: “A group known as DarkSeoul or Operation Troy, which hacked South Korea’s defence ministry and banks, actually penetrated into the nuclear power plant after another group known as Kimsuky did some surveillance and gathered information.
“The latest hacking events in India show that North Korea’s attention has shifted to key infrastructure facilities of other countries, and it shows that it can successfully penetrate them.”
But cyber security experts cautioned that attributing an attack to a particular actor can be fraught.
One Asia-based cyber analyst who had reviewed the attack but did not want to be named said that while it was “unlikely”, the techniques used by the hackers could have been used by another actor to apportion blame to North Korea.
Mr Kadakia of Security Brigade said he had compiled a list of 13 recipients of phishing emails spanning at least five government agencies, including ISRO, after reviewing data from the server compromised by the hackers. Some of the phishing emails were sent to private Gmail accounts.
While Mr Kadakia said he could verify that the officials had been targeted and had opened the links, potentially unleashing malware, he could not confirm whether a virus had infected other computers in the agencies.
“This is not really rocket science, it wasn’t really anything cutting edge, it was a phishing email, an unpatched browser and a lack of monitoring,” said Mr Kadakia.
“They clicked the links and opened the malware.”
Sohn Young-dong, a defence expert at Hanyang University in Seoul, said Pyongyang might be using the attacks to seek nuclear technology to help overcome its own energy crisis. Equally, it could be aiming to “sell such information to countries like Iran”.
The US government’s Congressional Research Service has detailed that a 2014 attack on South Korea’s nuclear plant operator — attributed to North Korea by officials in Seoul — resulted in designs and manuals being published and that the “hackers intended to cause a malfunction at atomic reactors, but failed to break into their control system”.