ISRO (Indian Space Research Organization) confirmed that they were alerted of a suspected cyberattack by North Korean hackers during the Chandrayaan-2 moon mission in September, reports The Quint.
The news comes weeks after it was reported that India’s Kudankulam Nuclear Power Plant in Tamil Nadu was a victim of a North Korean cyberattack.
An official at ISRO confirmed that an alert was received from the Computer Emergency Response Team, India (CERT-In), but found nothing suspicious after investigation. He also added that their systems were “unaffected”. The alert came during India’s Chandrayaan-2 mission that started on July 22nd and ended on September 7th.
“I can only comment that we also got the alert… our cybersecurity team got into action, they checked the whole thing and we were unaffected,” the official told The Quint.
Yash Kadakia, the founder of Mumbai-based cybersecurity firm Security Brigade, told The Quint that he had evidence of emails with malware sent by suspected North Korean hackers to at least five critical government agencies, including ISRO.
“They targeted senior officials with emails that had malware attachments relevant to their subject,” Kadakia said.
He suspected that people opened the phishing emails sent by the hackers potentially unleashing malware into systems.
“We know they were targeted, they got the link, they clicked on the link. That much we can confirm so far,” Kadakia added.
According to information reviewed by Security Bridge from the server hacked by the suspects, at least 13 recipients from five government agencies have been confirmed to have been sent phishing emails from one server in question. Although the server was not hosted in North Korea, it was being used for these attacks.
“We do have the email address of the targeted ISRO scientist but have not publicly disclosed that information yet. We have shared it with the National Critical Information Infrastructure Protection Centre (NCIIPC) so that they can look into it and investigate.”
However, Kadakia clarified that he doesn’t know with certainty if the phishing malware was successfully executed and if ISRO officials were using an official company device, personal phones or home laptops to access the mails.