Ouroboros, one of the world’s most sophisticated hacking groups with close ties to the Russian government, has been accused of hijacking unencrypted commercial satellite communications. The group uses hidden receiving stations in Africa and the Middle East to hide its Command & Control servers and mask attacks on Western military and governmental networks.
The group, which created the advanced malware known as “Snake” or “Turla”, was exposed last year as having mounted aggressive cyber espionage operations against Ukraine and a host of other European and American government organizations over nearly a decade.
In a report released on Wednesday, Kaspersky said it had identified a new “exquisite” attack channel being used by the group that was virtually untraceable. Because hackers need to communicate regularly with the machines they have compromised, security researchers are able to trace that traffic back to the hackers' Command & Control servers.
“This method makes it almost impossible to discover the physical location of these C&C servers,” said Stefan Tanase, senior security researcher at Kaspersky. “Safe to say this is the ultimate level of anonymity that any cyber espionage group has reached in terms of hiding its origins.”
The Ouroboros satellite hack exploits the fact that most communications sent from satellites back to Earth are unencrypted, and so can be spoofed. The process is laid out by Kaspersky in a large illustration and follows a number of steps.