North Korean Hackers Used A Basic Hacking Trick To Hack ISRO’s Server

Yesterday, we share a piece of detailed information about the hacks conducted on ISRO space station. A group of Korean hackers, Lazarus, hacked into the systems of Indian Space Station using a malware known as DTrack.

It has been suggested by some sources that ISRO employees may have received a phishing email, something close to what we all receive on a daily basis, the mail when opened infected the systems of the Space Stations.

How was the hack conducted by Lazarus?

Yash Kadakia, founder of Security Brigade, a cybersecurity firm based in Mumbai, said in an interview with Financial Times that the hack conducted by the Korean hackers was not very technical and beyond the seven skies, it was just a phishing mail, an unpatched browser and lack of monitoring that spill the tea and made it easy for the hackers to infiltrate the systems.

Mr. Kadakia also said that the same server was used to send spam links to senior nuclear scientists of Kudankulam Nuclear Plant which was also targeted by the hackers before and later was used to target the scientists at ISRO.

Mr. Kadakia, who is working along with South-Korea based malware analysts, IssueMaker labs, also said that they have the email address of the scientist who received the phishing mail and has shared the email with National Critical Information Infrastructure Protection Centre (NCIIPC) for further investigation.

However, Mr. Kadakia also said that it is not yet confirmed if the phishing email was successfully executed and whether the scientist used the email on his personal device or the company’s system.

The Korean hackers breached the domain controllers which gave them access to the main system, steal data and respond to security authentication requests. An ISRO official also confirmed that the organization received an alert from the Computer Emergency Response Team, India during Chadrayaan 2 mission but ISRO remained unaffected, as per The Quint.

According to the Cyber Experts, ISRO was one of the five government agencies on the targets of Lazarus, the Korean Hacker group. The space station was also informed about the situation before the mission started facing several communication issues with the Lander Vikram, but ISRO kept saying that the internal systems are free from any threats.

Not to forget, the Delhi based website of the current government of India was also hacked by a group of Hackers based in Pakistan, and posted hate messages against the Prime minister of India.