
Cyber Incident Victim: Maxar Technologies

Date: Jun 2023

Location: United States of America

Summary

A hacker advertised access to a military satellite owned by Maxar Technologies for $15,000 on a Russian-language forum, claiming it could reveal US military and strategic positioning information. The same actor also offered access to AT&T corporate email accounts. The use of an escrow service was noted, though the claims were unverified. Such unauthorized access could potentially compromise sensitive national security data and corporate communications.

CIA Posture: Available to members
Motives: 7 motives
Tactics, Techniques & Procedures: 2 techniques
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

On or around June 21, 2023, an advertisement was posted on a Russian-language hacker forum by an individual claiming to offer access for sale to a military satellite. The satellite was purportedly owned by Maxar Technologies, a prominent US-based space technology company headquartered in Colorado. The company specializes in manufacturing communication, Earth observation, and radar satellites, as well as providing on-orbit servicing. The threat actor set the price for this claimed access at $15,000. The advertisement suggested that buyers who gained this access could acquire sensitive information regarding US military and strategic positioning, implying a significant potential intelligence gain from the compromise of such a system. The hacker's stated willingness to use an escrow service, a trusted third-party payment intermediary commonly used on such forums, lent the offer a degree of credibility. The authenticity of the hacker's claims regarding the satellite access remained unverified at the time of the report.


In a related post observed on the same forum, the same individual was also offering access to email accounts within the AT&T corporation. The price for this access was set at $7,000. The hacker specifically claimed that the provided access would have two-factor authentication (2FA) disabled, a condition that, if true, would remove a key control and leave the accounts highly exposed to further exploitation. AT&T, as a major US telecommunications company, handles vast quantities of sensitive customer data and corporate communications, making such a breach, if real, a serious event. The advertisement for the AT&T email access was presented alongside the Maxar satellite offer, linking the two claims to the same source actor. The credibility of both claims was similarly unverified.

The potential implications of unauthorized access to a military satellite system are severe. Military satellites are critical assets used for surveillance, communication, and strategic operations. A successful breach could potentially compromise national security by exposing sensitive observational data, revealing strategic positioning of assets, or even allowing for interference with satellite operations. The sale of such access on a public forum represents a direct threat to the security and integrity of these vital systems. The report noted that unauthorized access to military satellites carries severe legal and security consequences for those involved.

The public nature of the advertisement meant the claim was quickly disseminated within cybersecurity news outlets, bringing significant attention to the potential threat. The immediate response called for the affected companies, Maxar Technologies and AT&T, to take action to investigate the potential security vulnerabilities referenced in the forum posts. The report emphasized the necessity for these organizations to address any potential breaches with urgency. Furthermore, the incident underscored the ongoing need for individuals and organizations to maintain vigilance, regularly update security measures, and employ strong authentication protocols to defend against such threats.

A collaborative response involving law enforcement agencies, cybersecurity firms, and the affected companies was indicated as the necessary course of action. The required steps included a thorough investigation of the claims, an effort to identify any potential vulnerabilities within the systems, and the implementation of measures to ensure the security and integrity of the data and systems in question. The public disclosure of the threat served to initiate this process, prompting internal security reviews and likely engagement with federal authorities.

This incident was not an isolated event on Russian-language hacker forums. The report noted a precedent for the sale of critical US cyberinfrastructure access on such platforms. Earlier in the same year, in March 2023, data allegedly stolen from the US Marshals Service was found being sold on a Russian forum, with the actor offering 350 GB of data for $150,000. Furthermore, in May 2021, the FBI had issued a formal warning concerning the sale of network credentials and virtual private network (VPN) access information belonging to various US colleges on multiple Russian hacker forums. The FBI disclosure stated that the information being sold was primarily obtained through ransomware attacks, spear-phishing campaigns, and other forms of cyber intrusion. The offer of Maxar satellite access fits within this established pattern of malicious activity where access to sensitive systems and data is commoditized and sold to the highest bidder.

The specific impacts on Maxar Technologies or AT&T, beyond the reputational concern and the immediate requirement to investigate, were not detailed in the available information. There was no confirmation that any systems were actually breached or that any data was exfiltrated as a result of the claims made on the forum. The consequences remained potential rather than confirmed, hinging on the validity of the hacker's advertisement. The primary impact was the initiation of emergency security protocols and investigations to determine the legitimacy of the threat. The wider consequence was a reminder of the persistent targeting of critical national infrastructure and major corporations by threat actors who operate openly in certain corners of the internet. The incident highlighted the continuous need for robust cybersecurity defenses and proactive threat intelligence monitoring, so that public claims of compromise can be identified, triaged, and responded to quickly even before they are verified. The ultimate findings of the investigations launched by the companies and law enforcement were not disclosed in the immediate reporting of the event.

Sources

1 source (available to members)