Space technology giant Maxar Space Systems has revealed that its network was breached by an unknown third party.
Maxar Space Systems is a Colorado space technology manufacturing and engineering company best known for its satellites, operating one of the largest and most advanced satellite constellations that cover 60 per cent of the Earth’s surface every month and collect over 3.8 million square kilometres daily.
In a notification sent to its employees, the US-based company said the incident was discovered on 11 October, but its investigation determined that the threat actors had access for an entire week prior.
“Our information security team discovered that a hacker using a Hong Kong-based IP address targeted and accessed a Maxar system containing certain files with employee personal data,” said Maxar Space Systems.
“When we discovered this on October 11, 2024, we took immediate action to prevent further unauthorised access to the system. Nevertheless, according to our investigation, the hacker likely had access to the files on the system for approximately one week before this action was taken.”
According to the release, the system the threat actors gained access to contained names, genders, home addresses, business contact information such as emails, phones and addresses, Social Security numbers, employment status, employee number, department, supervisor and important onboarding information such as hire dates, role start dates, and “if applicable”, dates of termination.
Maxar Space Systems specified, however, that the incident did not expose bank account data.
Currently, Cyber Daily has not observed any threat actors taking responsibility for the incident. The Hong Kong IP address may indicate a Hong Kong-based threat actor or just the use of a Hong Kong-based server.
Back in July, a threat actor claimed to have exfiltrated data from Maxar’s GeoHive crowdsourcing platform.
“Today, I bring you the user base scrape of GeoHive Maxar Technologies, a space technology company headquartered in Westminster, Colorado, United States,” said threat actor “post” on a popular hacking forum.
“Their API had a vulnerability where you could see every single user’s email address, full name, IP address, phone numbers, sessionToken, etc. I exploited this vulnerability to scrape as much user info as I possibly can from their website.”
It is unclear whether or not the most recent incident and the July scrape are connected in any way.