The Viasat hack was a cyberattack on American communications company Viasat affecting their KA-SAT network.[1]

Events Edit

On 24 February, 2022, the day Russia invaded Ukraine, thousands of Viasat modems got bricked[buzzword][further explanation needed] by a "deliberate ... cyber event". Thousands of customers in Europe have been without internet for a month since.[2][needs update]

Remote control of 5,800 wind turbines belonging to Enercon in Central Europe was affected.[3]

The National Security Agency was reported to be investigating the attack in March 2022.[1]

On 31 March, 2022, SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen announced the discovery of a new wiper malware codenamed AcidRain designed to permanently disable routers. [4] Viasat later confirmed that the AcidRain malware was used during the 'cyber event'.[5] AcidRain shares code with VPNFilter, a 2018 cyber operation against routers attributed to the Russian military by the FBI. [6] On 10 May, 2022, the European Union condemned the attack targeting Viasat's KA-SAT network as a Russian operation. [7]

The Viasat hack led Ukraine to deem Starlink as a potential solution for communications amidst the war as Russia had damaged or destroyed other means to communicate and get Internet within the country.[8][9][10]

Viasat Analysis Edit

According to Viasat, the attacker used a poorly configured virtual private network appliance to gain access to the trusted management part of the KA-SAT network.[11] The attackers then issued commands to overwrite part of the flash memory in modems, making them unable to access the network, but not permanently damaged.[11] The satellite itself and its ground infrastructure were not directly affected.[11]

References Edit

  1. ^ a b Mott, Nathaniel (2022-03-12). "Report: NSA Investigates Viasat Hack That Coincided With Ukraine Invasion". PCMag. Retrieved 2023-04-07.
  2. ^ A Mysterious Satellite Hack Has Victims Far Beyond Ukraine Wired. 2022.
  3. ^ "Satellite outage knocks out thousands of Enercon's wind turbines". Reuters. 2022-02-28. Retrieved 2023-04-07.
  4. ^ Dan Goodin (31 March 2022). "Mystery solved in destructive attack that knocked out >10k Viasat modems". Ars Technica.
  5. ^ Guerrero-Saade, Juan Andres. "AcidRain: A Modem Wiper Rains Down on Europe". SentinelLabs.
  6. ^ "Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices". U.S. Department Of Justice. 23 May 2018.
  7. ^ "Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union". Council of the EU.
  8. ^ Sheetz, Michael (2022-02-28). "Viasat believes 'cyber event' is disrupting its satellite-internet service in Ukraine". CNBC. Retrieved 2023-09-09.
  9. ^ Elon Musk says SpaceX's Starlink satellites active over Ukraine after request from embattled country's leaders, The Independent (26 February 2022)
  10. ^ Farrow, Ronan (2023-08-21). "Elon Musk's Shadow Rule". The New Yorker. ISSN 0028-792X. Retrieved 2023-09-09.
  11. ^ a b c Vigliarolo, Brandon (2022-03-30). "Viasat spills on the Russian attack, warns of continued risks". The Register. Retrieved 2023-04-08.

External links Edit