Satellite Receivers with DDoS Attack Capabilities Result in CEO Arrests

Two South Korean satellite receiver manufacturers have recently come under scrutiny following their reported integration of Distributed Denial of Service (DDoS) functionalities into their products. This alarming development has led to significant legal action, with the South Korean government moving to issue arrest warrants for the companies’ chief executives, whose names have not been disclosed publicly due to privacy considerations.

The core of the issue dates back to a contractual agreement made in 2017, where the two firms were tasked with delivering around 240,000 satellite receivers with inherent capabilities for DDoS attacks. By year’s end, they successfully fulfilled the order, with more than 98,560 units pre-installed with attack functionalities. Notably, additional units were controversially updated via over-the-air (OTA) technology in 2018 to enable similar capabilities.

It has come to light that most consumers who purchased these receivers were unaware of their capability to initiate cyberattacks. Effectively, these devices were designed to operate as botnets, a situation that could potentially compromise satellite operations when the devices are activated persistently.

In July of this year, Interpol received intelligence regarding the malicious functionalities of these satellite receivers. Subsequent investigations revealed that several of these compromised devices had even found their way into the hands of broadcasting companies in several developed nations, including the United States, the United Kingdom, Canada, Australia, and the UAE.

In response, South Korean authorities have escalated their actions, with six arrests already made as part of ongoing investigations into the case. The government has announced plans to seize the proceeds from the sale of these compromised devices, reallocating the funds into government resources in light of the potential risks involved.

This incident raises critical concerns regarding supply chain security, particularly within technology sectors. Applying the MITRE ATT&CK framework, the tactics involved in this situation relate to initial access via supply chain compromises and potentially persistence through OTA updates that allowed for the activation of DDoS functionalities. These exploits underscore the importance of rigorous cybersecurity measures during product development and distribution.

In conclusion, as the investigation continues, business owners and technology stakeholders are advised to remain vigilant and proactive in assessing the security measures within their supply chains, particularly in understanding how integral device capabilities may be exploited in unforeseen scenarios.
