Incident: Cyber Attack on Indian Space Agency's Moon Mission by North Korean Hackers

Published Date: 2019-11-08

Postmortem Analysis
Timeline:
1. The software failure incident involving the Indian Space Research Organisation being attacked by North Korean hackers while attempting to land a spacecraft on the Moon happened in September 2019 [Article 91792].

System:
1. Indian Space Research Organisation's systems
2. Chandrayaan-2 spacecraft's communication system
3. Kudankulam nuclear power plant's administrative computer
4. DTrack malware
5. Lazarus hacking group's cyber attack capabilities [91792]

Responsible Organization:
1. North Korean hackers were responsible for causing the software failure incident at India's space agency ISRO [91792].
2. The cyber-attack on the Kudankulam nuclear power plant was linked to a shadowy hacking group Lazarus, believed to be controlled by the North Korean government [91792].

Impacted Organization:
1. Indian Space Research Organisation (ISRO) [Article 91792]
2. Kudankulam nuclear power plant [Article 91792]

Software Causes:
1. The failure incident at the Indian Space Research Organisation (ISRO) during the Chandrayaan-2 moon mission was caused by a cyber attack by North Korean hackers who targeted the agency's systems by sending phishing emails and installing malware through them [91792].
2. The malware used in the attack on the Kudankulam nuclear power plant was identified as DTrack, a type of malware linked to the North Korean hacking group Lazarus, which is believed to be controlled by the North Korean government [91792].

Non-software Causes:
1. The failure incident was caused by a loss of contact with the spacecraft during the Moon landing attempt [91792].
2. The incident was also influenced by a cyber attack on the Indian Space Research Organisation by North Korean hackers [91792].

Impacts:
1. The software failure incident involving North Korean hackers attacking India's space agency, ISRO, during the Chandrayaan-2 moon mission resulted in the spacecraft losing contact and ultimately failing to land on the Moon [Article 91792].
2. The cyber attack on the Kudankulam nuclear power plant in southern India led to the infection of its computers with malware, although it targeted an administrative computer rather than the plant control system [Article 91792].

Preventions:
1. Implementing robust cybersecurity measures such as regular security audits, employee training on identifying phishing emails, and ensuring strong network security protocols could have prevented the cyber attack on the Indian Space Research Organisation [91792].
2. Utilizing advanced malware detection and prevention tools to identify and block malicious software from being installed on the systems could have helped prevent the malware infection that led to the loss of contact with the spacecraft [91792].
3. Enhancing network segmentation and access controls to prevent unauthorized access to critical systems and data could have mitigated the impact of the cyber attack on the space agency [91792].

Fixes:
1. Enhancing cybersecurity measures within the Indian Space Research Organisation (ISRO) to prevent future cyber attacks, such as implementing stricter email security protocols and conducting regular cybersecurity training for employees [91792].
2. Conducting a thorough investigation into the malware that infected the ISRO systems to identify any vulnerabilities and ensure they are patched to prevent similar incidents in the future [91792].
3. Collaborating with cybersecurity experts to assess and strengthen the overall cybersecurity posture of ISRO to mitigate the risk of future cyber attacks [91792].

References:
1. Cyber experts
2. Financial Times
3. Indian Space Research Organisation officials
4. Indian energy bosses
5. Nuclear officials
6. U.S. authorities
7. Statement from the Indian Space Research Organisation
8. Statement from the nuclear officials [Cited from Article 91792]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident having happened again at one_organization: The Indian Space Research Organisation (ISRO) faced a cyber attack during the Chandrayaan-2 moon mission, where North Korean hackers targeted the agency by sending phishing emails to employees, leading to malware being installed on their systems [91792].
(b) The software failure incident having happened again at multiple_organization: The Kudankulam nuclear power plant in southern India was also targeted by hackers, infecting its computers with malware. The malware was linked to a shadowy hacking group Lazarus, believed to be controlled by the North Korean government. This incident occurred after India's largest nuclear power plant admitted it had similarly been attacked [91792].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be seen in the cyber attack on India's space agency, the Indian Space Research Organisation (ISRO), by North Korean hackers. The attack was suspected to have occurred when employees opened phishing emails from North Korean spammers, inadvertently installing malware onto their systems [91792].
(b) The software failure incident related to the operation phase is evident in the cyber attack on the Kudankulam nuclear power plant in southern India. The malware infected an administrative computer within the plant's network, highlighting a failure due to the operation or misuse of the system [91792].

Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident related to the cyber attack on India's space agency and the Kudankulam nuclear power plant can be categorized as within_system. In both cases, employees are suspected to have opened phishing emails from North Korean spammers, leading to the installation of malware on their systems [91792]. This indicates that the failure originated from within the system itself, as it was caused by actions taken by internal employees unknowingly allowing the malware into the system.

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions:
- The Indian Space Research Organisation (ISRO) was attacked by North Korean hackers, leading to a cyber attack during the Chandrayaan-2 moon mission [91792].
- Employees at ISRO are suspected to have opened phishing emails from North Korean spammers, inadvertently installing malware on their systems [91792].
- The cyber attack did not directly affect the Moon mission, but India lost contact with the spacecraft, resulting in a failure of the mission [91792].
- The malware found at the Kudankulam nuclear power plant targeted an administrative computer rather than the plant control system [91792].
(b) The software failure incident occurring due to human actions:
- Employees at ISRO are feared to have opened phishing emails from North Korean spammers, which led to the installation of malware on their systems [91792].
- Indian energy bosses initially denied a cyber-attack on the Kudankulam nuclear power plant, which was later confirmed to have occurred [91792].

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident related to hardware:
- The article mentions that the Kudankulam nuclear power plant in India was targeted by hackers who infected its computers with malware. However, the malware was found to have targeted an administrative computer rather than the plant control system [91792].
- The infected PC at the nuclear power plant was connected to the network used for administrative purposes, indicating a hardware-related vulnerability that allowed the malware to infiltrate the system [91792].
(b) The software failure incident related to software:
- The article reports that the Indian Space Research Organisation (ISRO) was attacked by North Korean hackers, with employees suspected of opening phishing emails and accidentally installing malware on their systems [91792].
- The failure of the Moon mission after India lost contact with the spacecraft was attributed to the cyber attack, indicating a software-related issue caused by the malware installed on the systems [91792].

Category: Objective (Malicious/Non-malicious)
Option: malicious, non-malicious
Rationale:
(a) The software failure incident related to the Indian Space Research Organisation (ISRO) being attacked by North Korean hackers during the Chandrayaan-2 moon mission can be classified as a malicious failure. The attack involved North Korean hackers targeting ISRO employees with phishing emails, leading to the installation of malware on their systems. This malicious intent was aimed at harming the space agency's operations, potentially jeopardizing the Moon mission. The attack was part of a larger cyber campaign targeting government agencies, including the nuclear power plant, indicating a deliberate effort to disrupt critical infrastructure [91792].
(b) The software failure incident at the Kudankulam nuclear power plant in southern India, where hackers infected computers with malware, can be classified as a non-malicious failure. The malware was found to have targeted an administrative computer rather than the plant control system, indicating that the attack was not specifically aimed at causing harm to the plant's operations. The incident was attributed to the use of DTrack malware linked to a hacking group believed to be controlled by the North Korean government. The attack was more likely focused on gaining unauthorized access or information rather than causing direct harm to the plant's operations [91792].

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions, accidental_decisions
Rationale:
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident involving the Indian Space Research Organisation (ISRO) being attacked by North Korean hackers was attributed to employees opening phishing emails from North Korean spammers, which led to the accidental installation of malware on their systems [91792].
- Despite being warned of the cyber attack during the Chandrayaan-2 moon mission, ISRO denied that its systems had been compromised by the attempted hacking [91792].
(b) The intent of the software failure incident related to accidental_decisions:
- The software failure incident at the Kudankulam nuclear power plant in southern India was due to an accidental decision where an administrative computer was infected with malware, although it was not the plant control system that was targeted [91792].

Category: Capability (Incompetence/Accidental)
Option: accidental
Rationale:
(a) The software failure incident related to development incompetence is not explicitly mentioned in the provided article.
(b) The software failure incident related to accidental factors is highlighted in the article. It mentions that employees at the Indian Space Research Organisation (ISRO) are feared to have opened phishing emails from North Korean spammers, accidentally installing malware onto their systems. This accidental action led to the cyber attack on ISRO during the Chandrayaan-2 moon mission, ultimately resulting in the failure of the mission [91792].

Category: Duration
Option: temporary
Rationale:
(a) The software failure incident related to the cyber attack on India's space agency by North Korean hackers can be considered as a temporary failure. The incident occurred due to employees opening phishing emails from North Korean spammers, accidentally installing malware on their systems [91792]. This specific circumstance of employees falling for the phishing emails led to the temporary failure in the system, rather than a permanent failure caused by all circumstances.

Category: Behaviour
Option: crash, other
Rationale:
(a) crash: The software failure incident related to the Indian space agency's cyber attack resulted in a crash scenario where India lost contact with the spacecraft during the Moon mission, leading to its failure [91792].
(b) omission: There is no specific mention of the software failure incident being related to omission in the articles.
(c) timing: The articles do not indicate that the software failure incident was due to timing issues.
(d) value: The software failure incident did not involve the system performing its intended functions incorrectly.
(e) byzantine: The behavior of the software failure incident does not align with a byzantine failure scenario.
(f) other: The software failure incident involved a cyber attack by North Korean hackers, leading to the installation of malware on the systems of the Indian Space Research Organisation, ultimately resulting in the failure of the Moon mission [91792].

IoT System Layer

Layer          Option  Rationale
Perception     None    None
Communication  None    None
Application    None    None

Other Details

Category: Consequence
Option: property, delay, non-human, theoretical_consequence
Rationale:
(a) death: People lost their lives due to the software failure - No information about people losing their lives due to the software failure was mentioned in the articles [91792].
(b) harm: People were physically harmed due to the software failure - No information about people being physically harmed due to the software failure was mentioned in the articles [91792].
(c) basic: People's access to food or shelter was impacted because of the software failure - No information about people's access to food or shelter being impacted due to the software failure was mentioned in the articles [91792].
(d) property: People's material goods, money, or data was impacted due to the software failure - The Kudankulam nuclear power plant in southern India was targeted by hackers who infected its computers with malware, impacting the plant's systems [91792].
(e) delay: People had to postpone an activity due to the software failure - The Chandrayaan-2 moon mission faced a setback when a control station in Bengaluru lost contact with the spacecraft in September [91792].
(f) non-human: Non-human entities were impacted due to the software failure - The Indian Space Research Organisation (ISRO) and the Kudankulam nuclear power plant's systems were impacted by the software failure [91792].
(g) no_consequence: There were no real observed consequences of the software failure - There were observed consequences of the software failure, such as the loss of contact with the spacecraft and the infection of the nuclear power plant's computers [91792].
(h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The articles mentioned that the cyber attack on the Indian Space Research Organisation and the Kudankulam nuclear power plant could have had more severe consequences, but the actual impact was limited to the infection of systems [91792].
(i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - No other consequences of the software failure were mentioned in the articles [91792].

Category: Domain
Option: knowledge, government
Rationale:
(a) The failed system was related to the space industry, specifically the Indian Space Research Organisation (ISRO) and its Chandrayaan-2 moon mission [91792].
(l) The failed system was also related to the government sector as the Indian space agency ISRO is a government agency that came under attack by North Korean hackers [91792].
