http://www.newindianexpress.com/cities/ ... 85758.html
ISRO computer infected with malware
The trojan malware, known as XtremeRAT, was detected on ISRO servers in December 2017 and was reported to the agency by an Indian researcher. ISRO reportedly responded and resolved the issue only after French researcher Robert Baptiste reached out to the agency on Twitter. “ISRO in their conversation with me informed that they investigated and found a UTM login port that was not mapped internally to any systems. They claimed to have disabled that port for now,” said Baptiste, quoting ISRO’s communication with him, which Express has seen.
The XtremeRAT malware was found in ISRO’s Telemetry, Tracking and Command Network (ISTRAC), which provides tracking support for all of ISRO’s satellite and launch vehicle missions. “The malware was probably infected on a computer that had access to servers used for Tracking and Command (TTC) services that help launch vehicle lift-off till injection of a satellite. A computer which was probably used to command rocket launches and separation of a satellite. I say ‘probably infected’ because no one knows which computer was used,” said the Indian researcher in December 2017.
The researcher says he stumbled on the ISRO vulnerability while using the search engine Shodan, which lets users find specific types of internet-connected computers using a variety of filters. “If Shodan can be used for searching hacked sites, I thought, why not search for infected servers? I filtered it down to region and ISRO showed up in the scan results,” said the Indian researcher. ISRO has not yet responded to Express’ request for a comment on the issue.
Researcher says search engine Shodan led him to ISRO’s vulnerability. “I did not dig any further as anything beyond that will probably be illegal,” he added. So what is XtremeRAT? It’s a commercially available remote access Trojan (RAT) used by attackers to conduct cyber espionage. Numerous RATs are available for free or for purchase online, mostly from hacker forums or the dark web. Such malware gives the operator remote control of a specific target’s servers and databases, and the access to victims’ systems and data can even be sold on to others.
BRF members who are better informed about malware can (time permitting) perhaps shed more light