Sometime in late 1997, a Russian hacker, using a combination of social engineering and a dictionary attack, may have obtained a login and password to an internet-connected file transfer protocol (FTP) server located on the National Aeronautics and Space Administration’s (NASA’s) agencywide mission computer network. To bypass firewalls and cover his tracks, the hacker conducted an FTP bounce scan, which locates servers and hosts within a network that have vulnerable ports. The hacker found a particular server that allowed read and write access to all files contained on the server.
In this case, the Goddard Space Flight Center server managed files associated with the RoSat’s command-and-control systems. Unbeknownst to the RoSat mission team, the hacker changed values in the algorithms used by the system’s star tracker. As a result, the RoSat miscalculated its alignment and turned toward the sun, causing overheating. NASA was able to correct for what it believed was an accident. The space agency saved the satellite and salvaged the mission. But the hacker tried again months later, this time changing the code for the attitude-control system. The satellite slewed out of control, pointing the X-ray imager toward the sun and irreparably damaging it. The decommissioned RoSat burned up on reentry to the atmosphere in 2011.
Further reading: https://www.usni.org/magazines/proceedings/2021/february/asat-goes-cyber