The attackers behind the DoppelPaymer ransomware announced on the dark web that they have successfully hacked into the servers of one of NASA’s information technology contractors, according to a report from ZDNet.
In its blog post, the DoppelPaymer group first congratulated SpaceX and NASA (National Aeronautics and Space Administration) on their successful human-operated rocket launch, and then immediately announced that it had compromised the Digital Management (DMI) network.
DMI is a Maryland-based company that delivers managed IT services and cybersecurity on-demand to several Fortune 100 companies and several U.S. government agencies, including NASA and the Defense Information Systems Agency (DISA).
“We congratulate Space-X & NASA with successful launch,” the blog post said. “But as for NASA, their partners again don’t care about the data…”
According to the DoppelPaymer group, they had access to as many as 2,583 servers and workstations, which they claim are part of DMI’s internal network. These servers and workstations have been encrypted and are now being held for ransom.
To support its claims, the ransomware gang posted 20 archived NASA-related files on a dark web portal that the group operates. These archive files included Human Resources (HR) documents, Excel files with project plans as well as job description sheets with employee records.
“Employee details included in these files matched public LinkedIn records,” ZDNet wrote.
The DoppelPaymer gang released the archives and the list of servers and workstations in order to demand ransom from the company. The attackers first publish small samples of stolen encrypted files, and if the victims do not pay the ransom amount, they leak the remaining files on the dark web as retaliation.
It is unclear how severely the DoppelPaymer gang has impacted DMI’s network or how many customer networks were breached. DMI has yet to officially release a statement on its website or a press release regarding the breach.