I read that an APT group, called Turla, is using satellites for command-and-control operations to mask its attacks....
How does this work? What's the best way to stop satellite Internet hijacking?
A key part of launching a persistent attack is keeping it from being detected, and keeping the command-and-control operation functioning even after it has been detected. The Turla advanced persistent threat (APT) group has taken an unusual approach to operational security for its command-and-control operations by using satellite Internet connections. Satellite Internet connections are low bandwidth and relatively expensive, but they provide a certain amount of physical anonymity and can be accessed from a PC with specialized equipment. Satellite Internet hijacking gives the APT group access to the Internet from remote and/or air-gapped locations over a broadcast connection. That connection only provides one-way communication from the satellite, so the APT group must use an alternative Internet connection for the other direction of communication. The campaign also uses watering hole attacks as the initial infection vector to install its sophisticated rootkit.
Basic cyberhygiene at all levels has unexpected benefits for preventing attacks. The best way to stop satellite Internet hijacking as used by the Turla APT group is to follow Best Current Practice 38 (BCP 38) from the Internet Engineering Task Force, which covers network ingress filtering to prevent IP address spoofing. Because the attack is reported to rely on man-in-the-middle techniques, Border Gateway Protocol (BGP) security measures can also prevent the satellite Internet traffic from being rerouted. If the attacker can't use spoofed IP packets as part of the attack, their ability to remain undetected is compromised.
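The BCP 38 recommendation above amounts to a simple rule: a packet entering the network on a given interface may only carry a source address from the prefixes legitimately assigned behind that interface; anything else is spoofed and is dropped. The following Python block is an added example written for this page, not code from the TechTarget answer or from any vendor. It models that rule as an ingress table and applies it to a handful of constructed flow records (using the documentation ranges 203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24 and 2001:db8::/32); the interface names, the prefix table and the flows are all assumptions made up for the demonstration. The same check can be run offline over exported flow logs to find sources that should have been filtered at the edge.

```python
"""BCP 38 style ingress filtering, modelled in Python.

Added example, not part of the original answer. Assumes a router model in
which every ingress interface has a set of prefixes it may legitimately
source traffic from (the constructed table below) and evaluates constructed
flow records against that table. Unknown interfaces fail closed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network, IPv6Network
from typing import Dict, List, Tuple, Union

Network = Union[IPv4Network, IPv6Network]

# Constructed ingress table (hypothetical interface names): each interface
# maps to the prefixes assigned to the links or customers behind it.
INGRESS_PREFIXES: Dict[str, List[Network]] = {
    "sat-downlink0": [ip_network("203.0.113.0/24")],
    "customer1": [ip_network("198.51.100.0/25"), ip_network("2001:db8:1::/48")],
}


@dataclass(frozen=True)
class Flow:
    """One flow record as an edge router or flow collector would see it."""
    ingress_if: str
    src: str
    dst: str
    proto: str


def is_permitted(flow: Flow) -> bool:
    """Return True only if the source address belongs to a prefix assigned
    to the interface the flow arrived on (the BCP 38 ingress check)."""
    allowed = INGRESS_PREFIXES.get(flow.ingress_if)
    if allowed is None:
        return False  # no policy for this interface: fail closed
    try:
        src = ip_address(flow.src)
    except ValueError:
        return False  # unparsable source address is never legitimate
    return any(src.version == net.version and src in net for net in allowed)


def filter_flows(flows: List[Flow]) -> Tuple[List[Flow], List[Flow]]:
    """Split flows into (accepted, dropped) according to is_permitted."""
    accepted: List[Flow] = []
    dropped: List[Flow] = []
    for flow in flows:
        (accepted if is_permitted(flow) else dropped).append(flow)
    return accepted, dropped


# Constructed sample flows; the second one carries a source address that
# belongs to customer1 but arrives on the satellite downlink, i.e. spoofed.
SAMPLE_FLOWS = [
    Flow("sat-downlink0", "203.0.113.17", "192.0.2.10", "tcp"),       # legitimate
    Flow("sat-downlink0", "198.51.100.9", "192.0.2.10", "tcp"),       # spoofed source
    Flow("customer1", "2001:db8:1::42", "2001:db8:ffff::1", "udp"),   # legitimate IPv6
    Flow("customer1", "10.0.0.5", "192.0.2.10", "udp"),               # private source leak
    Flow("unknown0", "203.0.113.5", "192.0.2.10", "tcp"),             # no policy: dropped
]


if __name__ == "__main__":
    accepted, dropped = filter_flows(SAMPLE_FLOWS)
    for flow in dropped:
        print(f"DROP ingress={flow.ingress_if} src={flow.src} dst={flow.dst}")
    print(f"{len(accepted)} accepted, {len(dropped)} dropped")
```

On real equipment this check is a one-line configuration on each edge interface (unicast reverse path forwarding or an equivalent source-address ACL); the value of running it over historical flow data is that it shows which ingress points have been letting spoofed sources through, which is exactly the traffic the hijacking technique described above depends on.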
Related Q&A from Nick Lewis