Mysterious Threat Actor Targeting Space Telescopes


Work at the Gemini North Telescope in Hawaii and Gemini South Telescope in Chile, had to halt operations due to a cyber attack. These attacks also disrupted a number of other smaller telescopes.

USA, Hawaii, Mauna Kea volcano, telescopes at Mauna Kea Observatories at sunset

Given that some astronomical studies and activities require being precisely scheduled, it is disruptions like these that can cause derailment of research efforts if a number of these important windows are missed.

For every day where facilities are offline to researchers, a cost is incurred by the scientific community. This cost is the research data which is lost and not just money being lost.

A Work In Progress

NORILab can be quoted as saying the following:

“Our staff are working with cyber security experts to get all the impacted telescopes and website back online as soon as possible and are encouraged by the progress made thus far. Like the entire astronomy community, we are disappointed that some of our telescopes are not currently observing.”

Currently a handful of telescopes are manually being operated, which allows for some normal functionality & the pursuit of a limited number of scientific endeavours.

The Full Picture

Gemini North and South telescopes, are operated by the International Gemini Observatory. These telescopes enable scientists to obtain an almost complete view of the night sky, in other words they can see the fully picture.

These two telescopes have helped astronomers in capturing a variety of celestial events. Some of these events include the births of supernovae, as well as in 2022 the researchers that were at Gemini North were able to observe the closest known black hole to earth.

A Cyber Attack

Scientists and others have wondered what the motive was behind this cyber incident as the nature of it still remains a mystery.

Around 2 weeks after this initial incident, the US National Counterintelligence & Security Center published a bulletin about cyber threats to American space companies and research entities.

Foreign threat actors are aware of how important the space industry is to the US economy as well as National Security. This is due to the US dependence of its critical infrastructure on such space based assets.

Some might view the innovations in relation to American assets in space as a threat or potentially an opportunity to exploit them for the purpose of obtaining technology or expertise.

It is believed by American officials that the opening maneuver in the next international conflict will involve taking down space based communications and imaging sattelites useless according to the New York Times.


These affected observatories have refused to make any comments as to the nature of the cyber attack or if the attackers have demanded any ransom.

It can be assumed that a potential motive for the attack is to extort money from the operators of those observatories.

Last year the Atacama Large Millimetre Array (ALMA) Observatory in Chile experienced a ransomware attack which took it offline for about 60 days.

Preventing Attacks By Space Based Threats

in order to prevent future threats, those operating these observatories would need to invest more in IT security, even more so as cyber attacks get more sophisticated.

It is suggested that cyber security professionals operating in the space sector should keep any eye out and track any anomalous incidents on any networks and actively look for breaches.

They are also advised to identify potential foreign agents that might be inside the business. They are emphasizing the importance on protecting any important intellectual properties.

Leave a Reply

Your email address will not be published. Required fields are marked *