UPDATED 21:57 EDT / JUNE 03 2020

SECURITY

NASA contractor allegedly hit by DopplePaymer ransomware group

A contractor for the U.S. National Aeronautics and Space Administration has allegedly been hit in a ransomware attack and the group behind it claims to have stolen company files.

The apparent attack comes from the DopplePaymer ransomware group and involves Digital Management LLC, a Bethesda, Maryland-based firm that offers business intelligence and cybersecurity services to Fortune 1000 companies and U.S. federal government agencies.

The link to NASA comes from the group itself, which wrote in a dark web blog post that “we congratulate SpaceX and NASA with successful launch [sic]. But as for NASA, their partners again don’t care about the data…” The blog post also included links to data allegedly stolen from the company.

According to a report today in ZDNet, it’s not clear how deep inside DMI’s network DopplePaymer made it during the breach or how many customers may have been affected. DopplePaymer claims to have compromised 2,583 servers and workstations. Along with more mundane material such as invoices, forecasts and various human resources documentation, the files released by DopplePaymer include designs for military equipment from Lockheed-Martin Corp. and some documents relating to SpaceX Inc.’s manufacturing partner program.

DMI has yet to comment on the report. Presuming that DopplePaymer’s claim is true, at the very least the breach is highly embarrassing for a company that provides cybersecurity services to government departments and major companies.

“Federal contractors and service providers are required to comply with very strict IT security controls that vary based on the nature of the contract and data classification,” Trevor Morgan, product manager at data security specialist security technology firm comforte AG, told SiliconANGLE. “The attack illustrates that even with such increasingly tough rules, traditional IT controls may still become permeable through malware and social engineering resulting in network and data compromise. While details are scant, it’s a warning for even the best prepared organizations to consider securing data assets.”

Emphasizing the security implications of the attack, Paul Bischoff, privacy advocate with tech research and comparison site Comparitech Ltd., noted that the data could be dangerous in the wrong hands. :This is data that’s not just valuable to financially motivated criminals but also nation-state actors who want to spy on NASA and its employees,” he said. “Employee records, for example, could be used to vet and recruit individuals working for NASA to spy and steal on behalf of foreign governments.”

Although the full scale of the data stolen is unknown, Boris Cipot, senior security engineer at electronic design automation firm Synopsys Inc., said that it would seem that many governmental organizations and Fortune 100 companies could be affected.

His advice to other companies: “Check your systems and networks for any irregularities and watch out for possible attacks in the form of phishing emails. Be wary of emails or messages that have attachments or links, and avoid opening them if possible.”

Photo: NASA/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU