The group prefers to abuse DVB-S Internet providers from countries in the Middle East and Africa. This makes the hijacking hard for security researchers based in the U.S. or Europe to detect, since the targeted satellite beams cannot be monitored from those regions.
The method is technically easy to implement and provides better anonymity to attackers than renting a virtual private server from a hosting company or using a hacked server for command and control, the Kaspersky researchers said.
Other APT (advanced persistent threat) groups have been seen using satellite-based Internet links in the past, including Italian surveillance software maker Hacking Team and two cyberespionage groups known as Xumuxu and Rocket Kitten.
"If this method becomes widespread between APT groups or worse, cyber-criminal groups, this will pose a serious problem for the IT security and counter-intelligence communities," the Kaspersky researchers said.