Security researchers have claimed that malware has infected computer systems at India’s premier space research agency, the Indian Space and Research Organization (ISRO).
Indian and French security experts believe that, by exploiting the vulnerability, hackers could easily have taken control of ISRO’s rocket launch commands.
In December 2017, the researchers detected trojan malware known as XtremeRAT on ISRO servers, and an Indian researcher immediately reported it to the agency. However, ISRO responded and resolved the issue only after French researcher Robert Baptiste reached out to the agency on Twitter.
“ISRO in their conversation with me informed that they investigated and found a UTM login port that was not mapped internally to any systems. They claimed to have disabled that port for now,” said Baptiste, quoting ISRO’s communication.
The malware had infected ISRO’s Telemetry, Tracking and Command Networks (ISTRAC), whose main function is to provide tracking support for all of ISRO’s satellite and launch vehicle missions.
“The malware was probably infected on a computer that had access to servers used for Tracking and Command (TTC) services that help launch vehicle lift-off till injection of a satellite. A computer which was probably used to command rocket launches and separation of a satellite. I say ‘probably infected’ because no one knows which computer was used,” said the Indian researcher.
XtremeRAT is a commercially available remote access trojan (RAT) used by hackers to conduct cyber espionage. A number of RATs are available for free or can be purchased online. A RAT allows the hacker to break into a specific target’s servers and databases.
“If infected with a trojan, the attacker owns the computer. The hacker can command the computer to do absolutely anything he wants. He just has to use the Remote Desktop Protocol (RDP) to access a computer. Has there been a data loss? Most likely yes,” says the Indian researcher.