
Budworm APT and Space-Eyes Breach: Dual Threats to US National Security


Espionage Campaigns Target US Critical Sectors

Two high-profile cyber espionage operations have simultaneously emerged, posing significant risks to US national security infrastructure. Forensic evidence suggests coordinated efforts to exfiltrate sensitive data from defense and aerospace entities.

Space-Eyes Data Breach: IntelBroker's Claims

The hacker known as IntelBroker has allegedly compromised Space-Eyes, a critical US entity handling space-related national security data. While verification of the full data scope is ongoing, initial reports indicate exposure of:

  • Satellite imaging systems specifications
  • Ground station communication protocols
  • Classified aerospace project documentation

This breach follows a pattern of increasing attacks on space technology infrastructure, with previous incidents linked to state-sponsored actors seeking strategic advantage in orbital systems.

Budworm APT's Resurgence

Concurrently, the China-linked Budworm APT (APT27) has launched new attacks after a six-month operational pause. The group's updated toolkit includes:

  • Customized variants of the PlugX backdoor
  • Novel DLL sideloading techniques exploiting legitimate software
  • Multi-stage payloads avoiding signature-based detection

Targets include US defense contractors and government-adjacent research organizations, with confirmed incidents involving:

  • Credential harvesting via phishing lures mimicking military procurement portals
  • Lateral movement through compromised VPN gateways
  • Data staging in encrypted containers before exfiltration

Technical Analysis

Both campaigns demonstrate:

  1. Living-off-the-land tactics: Heavy use of legitimate admin tools such as PsExec, alongside Cobalt Strike
  2. API abuse: Cloud service APIs manipulated for data exfiltration
  3. Timezone evasion: Operations scheduled during US off-hours

Mitigation Recommendations

  • Implement hardware-based MFA for all privileged accounts
  • Conduct purple team exercises focusing on lateral movement detection
  • Deploy memory analysis tools to identify fileless malware
  • Restrict outbound traffic to uncommon ports used in recent exfiltration (notably TCP 447, 8443)
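The last recommendation and the "timezone evasion" point above can be turned into a simple egress-log check. The following is an added example written for this page, not code from the article or from any vendor it cites: it parses a small set of constructed firewall log lines, keeps only connections that leave the internal address space, and flags those that use TCP 447 or 8443 or that occur outside an assumed US business window. The log format, the internal network list, the 06:00 to 20:00 weekday window and the fixed UTC-4 offset are all assumptions; the destination addresses are documentation ranges used as stand-ins, which is why internal space is defined explicitly rather than via `is_private`.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Ports named in the article as seen in recent exfiltration.
SUSPECT_PORTS = {447, 8443}

# Assumed: what counts as "inside" for this organisation. Defined explicitly
# because ipaddress.is_private also covers the documentation ranges used below.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Assumed business window (local hours, weekdays only) and a fixed US Eastern
# daylight offset; a real deployment would use the site's zoneinfo name.
BUSINESS_HOURS = (6, 20)
LOCAL_TZ = timezone(timedelta(hours=-4), "EDT")

# Constructed sample egress log: UTC timestamp, action, then key=value fields.
SAMPLE_LOG = """\
2024-05-03T14:12:07Z ALLOW src=10.20.5.17 dst=203.0.113.44 proto=tcp dport=443 bytes=18240
2024-05-04T07:30:41Z ALLOW src=10.20.5.17 dst=198.51.100.9 proto=tcp dport=8443 bytes=48211
2024-05-03T16:02:55Z ALLOW src=10.20.7.3 dst=10.20.0.10 proto=tcp dport=8443 bytes=2048
2024-05-03T15:45:12Z ALLOW src=10.20.5.22 dst=192.0.2.77 proto=tcp dport=447 bytes=912330
2024-05-03T03:15:00Z ALLOW src=10.20.5.22 dst=203.0.113.8 proto=tcp dport=443 bytes=150200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)


@dataclass
class Event:
    ts: datetime  # timezone-aware UTC
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def parse_line(line: str):
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(ts, m["src"], m["dst"], m["proto"].lower(), int(m["dport"]), int(m["bytes"]))


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def is_outbound(ev: Event) -> bool:
    """Internal source talking to a destination outside the internal ranges."""
    return is_internal(ev.src) and not is_internal(ev.dst)


def is_off_hours(ev: Event) -> bool:
    """Weekend, or a weekday outside the assumed local business window."""
    local = ev.ts.astimezone(LOCAL_TZ)
    return local.weekday() >= 5 or not (BUSINESS_HOURS[0] <= local.hour < BUSINESS_HOURS[1])


def analyze(log_text: str):
    """Return one alert dict per outbound connection that trips a rule."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or not is_outbound(ev):
            continue
        reasons = []
        if ev.proto == "tcp" and ev.dport in SUSPECT_PORTS:
            reasons.append("suspect_port")
        if is_off_hours(ev):
            reasons.append("off_hours")
        if reasons:
            alerts.append({"ts": ev.ts.isoformat(), "src": ev.src, "dst": ev.dst,
                           "dport": ev.dport, "bytes": ev.nbytes, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(a)
```

Internal-to-internal traffic on 8443 is deliberately ignored, since management interfaces commonly use that port inside the perimeter; the rule is about egress. Off-hours activity on a standard port is only a weak signal on its own, so in practice the two reasons would feed a scoring rule rather than each raising a ticket.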

These incidents underscore the need for enhanced threat intelligence sharing between aerospace and defense sectors, particularly regarding supply chain vulnerabilities.

NewsSearcher AI-powered news aggregation
