spaceSpace and PhysicsspaceAstronomy

Mysterious Cyberattack Shuts Down Yet More Telescopes For Weeks

It's pretty clear what they're after.

James Felton

James Felton

James Felton

James Felton

Senior Staff Writer

James is a published author with four pop-history and science books to his name. He specializes in history, strange science, and anything out of the ordinary.

Senior Staff Writer

Gemini North Observatory on top of Mauna Kea.

The Gemini North Observatory on top of Mauna Kea, affected by the attack.

Image credit: MarkoBeg/

A cyberattack on the National Optical-Infrared Astronomy Research Laboratory (NOIRLab) research center for ground-based astronomy has left several large telescopes unable to operate for weeks.

The attack took place on August 1, when NOIRLab say they detected a "cyber incident" in their computer systems, requiring them to suspend astronomical observations at the Gemini North telescope on Mauna Kea in Hawai'i.


"Quick reactions by the NOIRLab cyber security team and observing teams prevented damage to the observatory," NOIRLab said in a statement.

"Out of an abundance of caution we have decided to isolate the Gemini Observatory computer systems by shutting them down."

Weeks later, 10 telescopes are still offline and remote control of many unavailable. Science attempted to find out more about the nature of the attack, but NOIRLab declined to say whether the hack was a ransomware attack. In ransomware attacks, users are denied access to their files or control over their systems and the hacker says they will only give it back once a ransom is paid.

Though NOIRLab have not confirmed it, a ransomware attack would be a likely candidate for an attack. In late October last year, the Atacama Large Millimeter Array (ALMA) Observatory in Chile announced that a hack had forced the telescope offline. The incident, which left the observatory offline for over a month, was confirmed to be a ransomware attack


Hackers may target telescopes, as well as other science facilities, due to the worth of their data and the cost to the facilities when they are forced to shut down operations. While ALMA was offline it was losing around a quarter of a million dollars a day, with hackers likely gambling that ALMA would pay up to avoid the expense. Though technicians were quickly able to isolate the systems affected by the hackers without paying a ransom, ALMA was only able to return to operations on December 21, after almost two months offline.

Another problem might be a lack of investment in cybersecurity. VP of technical account management EMEA at Tanium, Chris Vaughan, told Infosecurity Magazine at the time of the ALMA attack that these facilities likely had "very limited" IT budgets.

“A high level of network visibility should be utilized as part of a zero-trust approach. This is where implicit trust is eliminated and the principle of ‘never trust, always verify’ is used,” he told the magazine.

“This means that strong authentication methods, network segmentation and lateral movement prevention is key. If these practices are embedded within an organization’s culture along with effective staff training, then institutions like ALMA can carry on their fantastic work without costly interruptions caused by cyber-threats.”


[H/T: Science]


spaceSpace and PhysicsspaceAstronomy
  • tag
  • telescope,

  • Astronomy,

  • observatory,

  • cyber attack,

  • cybersecurity,

  • ransomware