April 13, 2022 In cards, Retaliation

Retaliation not on the cards, say analysts, after western cyberattack on Roscosmos

Russia’s space agency has reportedly been on the receiving end of a cyber-attack, with ransomware born out of its own country.

As claims swirled last month, Roscosmos boss and Putin ally Dmitry Rogozin diffused statements made by the group of hackers, calling them “scammers and petty swindlers”.

“All our space activity control centers are operating normally,” Rogozin wrote in a tweet last month.

The western hacker group, Network Battalion 65 or NB65, claimed it had shut down a monitoring system used by the space agency after posting images of server information on Twitter.

However, analysis of a file containing source code has alleged to have found that the hackers used 66 per cent of the same code used by infamous Russian cybercrime group Conti, The Telegraph first reported.

Conti, known for using ransomware to extort millions from US and European businesses, was the group behind a hack that shut down the critical IT systems of Ireland’s health service.

While a number of businesses and agencies have been battening down the hatches since the Ukraine war began, European analysts are not expecting retaliation for the attack.  

Is retaliation on the cards?

Speaking to City A.M., Manish Gohil, analyst at security intelligence firm Dragonfly, said: “We’ve been looking into recent activity by that threat group, NB65… it’s very unlikely that Russia or the cyber groups that it sponsors would retaliate in kind, including against space agencies such as NASA.

“The primary reason for this assessment is that it would be tricky for the Russian state to attribute this to a nation state or to claim that a nation state had involvement.”

Cybersecurity expert and Italian professor Stefano Zanero told City A.M. that while NB65 has been “very active in penetrating several Russian targets”, Roscosmos is not likely to use this specific attack as grounds for retaliations “given the already hostile relationship with other agencies” such as NASA.

“In the specific case of Roscosmos, their level of access is not exactly known, but [NB65] surely demonstrated access to documents and administration materials; there is no evidence of access to operational systems,” the professor explained, such as satellites or other control systems.

“Other entities, for instance VGTRK, the TV network, had large quantities of materials extracted and publicly disclosed, with a far larger impact.”

While a retaliating attack is not expected, Jake Moore, global cybersecurity advisor at Slovak internet security company ESET, cautioned that “no organisation should remain complacent” to the threat.