Space Race: Defenses Emerge as Satellite-Focused Cyberattacks Ramp Up

Published: 23/11/2024   Category: security




Amid escalating cyber activity, two separate cybersecurity frameworks are targeting the satellite arena, highlighting the ease of attacking the infrastructure and the difficulty of defending it.



With cyberattacks becoming a reality against the space sector's infrastructure in 2022, two groups are aiming to get ahead of future attacks by creating framework initiatives.
The goal of the frameworks is to better understand not only potential threats — in terms of the traditional tactics, techniques, and procedures (TTPs) applied to the space sector — but also to help companies and government agencies create countermeasures against attacks targeting satellites and spacecraft.
On Jan. 3, the US National Institute of Standards and Technology (NIST) and the MITRE Corp., which is also a government contractor, released a version of the NIST Cybersecurity Framework tailored to the ground-based portion of the space sector. The NIST publication complements another effort by nonprofit government contractor The Aerospace Corp., which created in October the Space Attack Research and Tactics Analysis (Sparta) matrix, a version of the MITRE ATT&CK framework applied to threats against space-based infrastructure.
Early in 2022, the FBI and CISA warned that attacks against satellite ground-based and space-based infrastructure could become a reality — and they soon did. The year saw nation-state operations targeting Viasat and SpaceX's Starlink satellites, forcing governments and aerospace companies to create defenses against the attacks.
In the early days of Russia's invasion of Ukraine, for example, Russia-aligned hackers targeted the ground-based segment of Viasat's satellite communications network, taking Internet modems offline throughout Europe. Soon after, according to government officials and SpaceX CEO Elon Musk, Russia also targeted the distributed satellite Internet service Starlink, which has been critical for providing the Ukraine war effort with Internet connectivity.
"Starlink has resisted Russian cyberwar jamming & hacking attempts so far, but [attackers are] ramping up their efforts," Musk stated on Twitter last May.
In November, Starlink was in the crosshairs again, with Russia-linked Killnet APT targeting it with a DDoS campaign that made the service inaccessible for several hours.
As a corollary, satellites have also become proposed targets of non-cyberattacks. In the most recent example, Chinese researchers proposed a 10 megaton nuclear blast 50 miles from the Earth's surface as a way to disable Starlink satellites that pass through the radioactive cloud.
Cyberattackers in this arena are far more likely to be advanced persistent threats (APTs) sponsored by nation-states — often looking to disable satellites and spacecraft. But much of today's ground-based satellite infrastructure uses common computer and communications technologies, which could open the door to other players.
The similarities allow attackers to more easily exploit the systems underpinning satellite systems, while the complex supply chain makes the infrastructure easier to attack, Neil Sherwin-Peddie, head of space security for defense and government contractor BAE Systems Digital Intelligence, stated in a recent column for Dark Reading.
"Satellites are effectively just platforms with embedded systems and interfaces, including radio communications, telemetry tracking control systems, and ground segment connections," he wrote. "These are all essentially enterprise networks, but that also makes them avenues of opportunity for cybercriminals."
The attack on Viasat consisted of two components and underscores that known attack methods can be tailored to ground-based and space-based satellite systems.
First, the attackers exploited a misconfiguration in a VPN appliance to gain remote access to the ground-based network, according to a Viasat advisory. The attackers then discovered and compromised the management network for the satellite network and issued commands to the ground-based modems.
"Specifically, these destructive commands overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable," the company stated.
These commands performed functions similar to a wiper attack, overwriting critical data to disrupt operations, a common approach in cyber-physical attacks, according to a subsequent analysis performed by independent cybersecurity researcher Ruben Santamarta.
New attack vectors are looming for the future, as well. 
"We will see more automation on the spacecraft, and therefore we will need more on-board autonomous cyber protection," says Brandon Bailey, a senior project leader for the Cyber Assessments and Research Department at The Aerospace Corp. "This means integrating items like segmentation, authentication, encryption, and intrusion detection [and] prevention on-board the spacecraft will be a must in the future."
The NIST Cybersecurity Framework for the Satellite Ground Segment (NIST-IR-8401) builds on a common approach to cyber-defense that includes five major functions: the identification of assets and their cyber-risks, the development of technologies and procedures to protect those assets, the capability to detect attacks, the infrastructure needed to respond to any incident, and the ability to recover from attacks.
"The ground segment is becoming more interconnected and cloud-based ground infrastructures, however legacy space operations and the space vehicles themselves use custom software and hardware that was not generally created to be part of a modern highly interconnected cyber-ecosystem," NIST-IR-8401 states. "This can be especially problematic with legacy components that may have been created prior to the development of security best practices or that use obsolete security measures."
The Sparta framework aims to cover cyberattacks on the space-based components, such as satellites, spacecraft and other systems. The framework will grow and change as the field evolves and the TTPs used by attackers change, says Bailey of The Aerospace Corp.
"Cyber on the spacecraft side is a relatively new field; therefore, as vulnerabilities — like PCSpoof — are disclosed, we will add TTPs and countermeasures," he says. "We also intend on working with the Space ISAC, and as it matures ... we will incorporate threat information and TTPs that are identified."
