Earlier this month it was announced that researchers at the Kaspersky Lab, an international security group, discovered that the Russian spy group, Turla, has been hijacking satellite IP addresses to steal data.
Turla is believed to be a group that is employed by the Russian government, targeting government embassies, agencies, and militaries in over 40 countries. They employ various techniques to infect the systems of targets and acquire data, but it seems that they employ the use of satellite IP addresses when attacking high profile targets.
The way this works is the hackers use an antenna to intercept unencrypted satellite internet traffic and determine valid user IP addresses to hijack. After infecting a target computer with a domain name associated with their command server, they change the IP address of their command and control server to one that is hijacked. While the owner of the IP address will have the connection dropped, the attackers will use the new channel to connect to their target system and steal their target data.
Through these means, the data streaming that the hackers have to their target system is slower, short term, and has the risk of being unreliable. But that being said, the satellite connection provides the hackers both access around the globe and a way to connect to their target without leaving a trace to their command server. So when attacking high profile targets, Turla utilizes this method to sacrifice some efficiency for the sake of keeping their trail hidden.
A very powerful hacking method, all the equipment that the hacker needs consists of a satellite dish, some cable, and a satellite modem. All of which can be a purchased on a $1,000 budget. It has been discovered that Turla has been using this method since 2007, but if more hackers utilize this hacking method more hackers will go on without consequence. The root issue being this hole needs to be shut down in some way, for when there is a security hole this large it will be exploited severely.