author photo
By Bruce Sussman
Thu | Jun 4, 2020 | 6:45 AM PDT

It's been a big week for NASA.

For the first time in history, NASA astronauts launched from American soil in a commercially built and operated American crew spacecraft on its way to the International Space Station.

nasa-image-bill ingalls-credit

And among those offering online congratulations is the DoppelPaymer ransomware gang.

"We congratulate Space-X & NASA with successful launch," the cybercriminals posted on their website.

And then the other shoe dropped.

Because during this historic week, the DoppelPaymer gang says the U.S. space agency is feeling the impacts of a ransomware attack.

"But as for NASA, their partners again don't care about the data…" 

NASA third-party vendor hit with ransomware

The blog post then revealed the ransomware group has allegedly breached the networks of Digital Management, LLC (DMI), which offers business intelligence and cybersecurity services to government agencies, including NASA.

ITPro shared some of the details:

"DoppelPaymer also published a list of 2,583 workstations and enterprise servers it had allegedly compromised, with details published including configurations, DNS hostnames and the operating systems run.

The operators of DopplePaymer have recently followed the practice of other known hacking groups in publishing stolen material on a publicly-available site in order to shame victims that haven’t paid a ransom."

And Silicon ANGLE offered another insight:

"Along with more mundane material such as invoices, forecasts and various human resources documentation, the files released by DopplePaymer include designs for military equipment from Lockheed-Martin Corp. and some documents relating to SpaceX Inc.’s manufacturing partner program."

SecureWorld has reached out to DMI for confirmation of this attack and additional details. We will update this story.

Image credit: Bill Ingalls, NASA

Tags: Ransomware, NASA,
Comments