The owner of a satellite network used by Ukraine’s military and government agencies revealed Wednesday that a cyberattack on the network was conducted shortly after Russia invaded. The attack also cut off tens of thousands of broadband internet users in Europe.
Viasat, a U.S.-based company, gave new details about how the cyberattack, the largest known of its kind, was carried out and about its wide-ranging effects. Users from France to Poland were affected by the attack, which also cut off remote access to many wind turbines in central Europe.
In its statement, Viasat didn’t say who it believed was behind the attack. Ukrainian officials blame Russian hackers.
Many saw the Viasat attack as a sign of an upcoming wave of serious hacker attacks that would reach beyond Ukraine. However, these attacks have not yet occurred, although security experts believe that the most significant cyber-related war crimes are occurring in the shadows. Many of the attacks were carried out by volunteers and have resulted in a free-for-all.
However, the attack highlighted the fact that satellite technology that serves both military clients and nonmilitary clients can be used in conflict. Individuals and businesses far away from the battlefield will feel the effects.
In the early hours of February 24, a distributed attack on the KA-SAT satellite network started with a denial-of-service onslaught that knocked a large number of modems offline. Viasat stated that the attack evolved into a more destructive one in which a malicious update to the network made tens of thousands of modems in Europe unusable by overwriting their internal memory.
It stated that it had shipped 30,000 replacement modems across Europe to affected customers of the service, which is used mainly for residential broadband internet access.
Victor Zhora, a top Ukrainian cybersecurity official, told reporters that the attack caused major disruptions in Ukraine’s communications in the early hours of Russia’s invasion. Zhora answered that he didn’t know who was responsible as there is clear evidence that the attack was orchestrated by Russian hackers to disrupt the satellite connection between customers.
He stated that he didn’t know if the service was restored and couldn’t say which agencies in Ukraine were affected. However, contracts show that Zhora’s agency, the State Service for Special Communications, is one of the customers, which also include police agencies and municipalities.
Viasat, which is based in Carlsbad, California, stated that the initial denial-of-service attack originated from modems within Ukraine. The attackers were able to access remote areas of the network through a “misconfiguration” in the virtual private network appliance.
Once inside the network, they were able to distribute a software upgrade that affected tens of thousands of modems throughout Europe.
How the attackers broke into the VPN appliance was not clear. Ruben Santamarta, a satellite cybersecurity researcher, said that it was crucial to find out whether the attackers had gained credentials or exploited an existing vulnerability. Viasat declined Wednesday to give details, citing ongoing investigations.
Skylogic, an Italy-based subsidiary of Eutelsat, manages the ground-based network. Viasat bought the KA-SAT satellite from Skylogic in April last year.
Viasat was aided by Mandiant, a U.S. cybersecurity firm.