Hawai'i's Gemini North observatory suspends operations following cyberattack

A U.S. national center for astronomy was struck with a cyberattack this week that hindered the operations of an observatory in Hawai'i.

The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory – also known as NOIRLab – did not respond to requests for comment but published a notice on Tuesday night explaining that the lab had discovered an attempted cyberattack on its systems that morning.

The attack forced the “suspension of astronomical observations at Gemini North in Hawai'i.” Located in Maunakea, Gemini North is one of the Gemini Observatory's two telescopes, with the other in Chile, and is an international science partnership between the U.S., Canada, Chile, Brazil, Argentina and South Korea.

“Quick reactions by the NOIRLab cyber security team and observing teams prevented damage to the observatory. Out of an abundance of caution we have decided to isolate the Gemini Observatory computer systems by shutting them down,” the organization said.

“The Gemini website and proposal tools are currently offline but the NOIRLab website remains online. The Gemini North telescope was safely stowed in its zenith-pointing position, and the Gemini South telescope was in a planned shutdown for engineering work.”

Both the telescopes in Hawai'i and in Cerro Pachón, Chile have been shut down as the IT team investigates the incident and “develops the recovery plan in consultation with NSF’s cyber specialists.”

The lab did not say if the incident was a ransomware attack but said it had no impact on the infrastructure of other NOIRLab centers.

In October, hackers targeted one of the world’s largest astronomical observatories — the Atacama Large Millimeter Array (ALMA) observatory in Chile — with a cyberattack that forced it to suspend work.

The observatory was able to restore its systems within a month. In April, the American Meteorological Society confirmed that it had been hit with ransomware in an incident that was claimed by the Cactus ransomware group last week.

At the time, Executive Director Stella Kafka said they were working with IT consultants, security experts, and insurance agencies “to address all aspects of the security event and its impact on our systems and community.” The hackers stole the names, addresses and birthdates of employees during the ransomware attack

There have been dozens of attacks on laboratories and science centers in recent years, including attacks on the National Institute of Ocean Technology in India and the Institute of Science and Technology in Austria.