The ransomware collective known as DopplePaymer is claiming it has penetrated the systems of a digital transformation company with close connections to the National Aeronautics and Space Administration (NASA).
The threat actors claim to have encrypted the servers of Digital Management, LLC (DMI) and seized numerous confidential documents in the hack. DMI’s elite client list includes many government agencies in the United States, such as the Defence Information Systems Agency (DISA) and NASA, and its services range from mobile device management and Internet of Things (IoT) to cloud computing and Artificial Intelligence (AI).
A targeted attack on NASA data
Few details are currently available regarding the infiltration; however, DopplePaymer has now published evidence of the attack in the form of sample archive files accompanied by a message to NASA.
The blog post said:
“We congratulate Space-X & NASA with successful launch. But as for NASA, their partners again don’t care about the data…”
The message and the material posted publicly suggest the ransomware group intentionally targeted documents linked to DMI’s relationship with the space agency. The documents taken in the attack include forecasts and invoices as well as Human Resources records containing Personally Identifiable Information (PII) on employees. The files accessed without authorisation cover an extensive period, with documents dating as far back as 2013.
The cybercriminal group additionally published an online list that included 2,583 enterprise servers and workstations it claimed to have compromised, offering details such as DNS hostnames, configurations, and the operating systems run on them as proof.
Tried and tested cybercrime tactics
DopplePaymer operators have recently adopted a practice employed by other ransomware groups such as Sodinokibi and MAZE: publishing stolen information on a public site to shame and harass victims that refuse to pay. The tactic uses blackmail to force targets into paying ransoms in order to avoid the consequences of confidential data being exposed. Public exposure of such information can mean not only bad press but also heavy fines from data regulators and legal action from organisations and individuals whose data was compromised.
DopplePaymer ransomware has been designed to zero in on company systems, compromising networks with the aim of obtaining admin credentials. Once these have been obtained, the ransomware is deployed across the network to fully encrypt all of the enterprise’s devices.
DMI joins other companies whose IT systems the ransomware group claims to have breached recently, such as logistics firm Wolverine Freight System and Siegel Egg Co., a bakery, dairy and egg distributor based in the United States.
NASA made cyber security headlines in June last year when an unauthorised and unsecured device led to a security breach at its Jet Propulsion Laboratory (JPL). Cyber criminals seized around 500 megabytes of data from one of NASA’s most prominent mission systems in that attack, using a vulnerable Raspberry Pi that should not have been able to connect to the space agency’s network.