In March 2025, cybersecurity organization MonThreat reported alarming news: a threat actor has allegedly gained administrative access to NASA’s internal web portals. The breach could expose a variety of sensitive assets, including intellectual property, employee personal data, and export-controlled technologies. According to the post, the hacker claims to possess web shell access, VPN credentials, and tools for session hijacking on critical systems like NASA’s Technology Transfer Portal (T2 Portal). These claims raise serious concerns over the safety of confidential aerospace research and government data.
Alleged NASA Breach
A threat actor is reportedly selling access to
This breach could significantly impact NASA’s intellectual property, including patents, active projects, and agreements. Sensitive technology such as advanced propulsion systems and export-controlled hardware could be altered or manipulated. In addition, tools like the web shell could allow fraudulent transfers of aerospace equipment or deletion of critical security records. While NASA has not confirmed the breach, they are actively investigating and collaborating with cybersecurity experts.
What Undercode Say:
The threat of a compromise to NASA’s systems is a significant reminder of the vulnerabilities still present within federal agencies, especially those that handle sensitive or dual-use technologies. This breach, if verified, not only exposes the weakness of NASA’s internal infrastructure but also highlights the persistent challenges the agency faces in securing both public and private-facing portals.
NASA has previously dealt with similar breaches. For example, the 2018 breach involving the exposure of NASA employee SSNs and the 2019 Jira incident demonstrated the growing risk of identity theft and operational disruption. The new claim of a web shell gaining root access across multiple subdomains, including the T2 Portal, underscores a disturbing trend in the sophistication of cyberattacks targeting high-value assets like patents and export-controlled technologies.
One of the more worrying aspects of this new breach is the session hijacking capability that bypasses NASA’s two-factor authentication (AUID). By impersonating legitimate employee logins, threat actors could gain full access to restricted systems without raising suspicion. This mirrors earlier vulnerabilities, such as in NASA’s Jira system, where misconfigured permissions allowed the exposure of sensitive project data and emails.
Moreover, the alleged access to NASA’s Software Defined Networking (SDN) infrastructure adds another layer of complexity. With the ability to move laterally between segmented research networks, the attacker could potentially exploit vulnerabilities across different sectors of NASA’s operations. The possibility of modifying export control flags on technologies or altering licensing agreements would have serious ramifications for national security and global aerospace competition.
The fact that the actor is selling VPN credentials indicates a high level of sophistication and a clear plan for widespread exploitation of NASA’s systems. The implications are dire: alterations to licensing terms for emerging technologies or fraudulent transfers of aerospace equipment could undermine years of research and development, particularly in areas tied to the defense and aerospace industries.
Furthermore, the potential manipulation of the Disposition of Property System (DSPL) raises concerns about fraudulent asset transfers or the deletion of critical sanitization records. This could lead to the illegal export of controlled technology or to risks associated with unsanitized equipment. Such a breach could have far-reaching consequences, not only for NASA but for the integrity of U.S. aerospace and defense programs.
Fact Checker Results:
- NASA has yet to confirm the validity of this breach. However, ongoing collaboration with cybersecurity firms and US-CERT suggests that NASA is taking proactive steps to assess the situation.
- Measures already underway include rotating credentials and issuing new security certificates to bolster authentication.
- Increased MFA challenges reported by contractors signal that NASA’s mitigation efforts are actively being tested in real time.
References:
Reported By: https://cyberpress.org/nasa-internal-portal-acces/




