A cyberattack targeting a satellite network used by the Ukrainian government and military agencies shortly after the Russian invasion also knocked tens of thousands of high-speed internet users across Europe offline, the owner of the satellite network revealed on Wednesday.
US-based owner Viasat has provided new details on how the cyberattack, the largest known attack of its kind in the war to date, was carried out and its large-scale impact. The attack affected users from Poland to France and disrupted remote access to thousands of wind turbines in central Europe.
Viasat did not say in its statement who it believes was responsible for the attack. Ukrainian officials blamed Russian hackers.
The Viasat attack, which came just as Russia was launching its invasion, was seen by many at the time as the harbinger of a wave of serious cyberattacks extending beyond Ukraine. So far, these attacks have not materialized, although security researchers say the most impactful war-related cyber operations are likely taking place in the shadows. There has, however, been a free-for-all of smaller attacks, many apparently carried out by volunteers.
The attack, however, highlighted how satellite technology that serves both military and non-military customers can be targeted in conflict, with the impact felt by individuals and businesses far from the battlefield.
The attack in the early hours of February 24 on the KA-SAT satellite network began with a distributed denial of service attack that took a large number of modems offline. It then moved on to a destructive attack in which a malicious software update distributed over the network rendered tens of thousands of modems across Europe unusable by overwriting their internal memory, Viasat said.
It said it has shipped 30,000 replacement modems to affected customers across Europe, most of whom use the service for residential broadband internet access.
The attack caused a significant loss of communications in Ukraine in the early hours of the Russian invasion, senior Ukrainian cybersecurity official Victor Zhora told reporters earlier this month. When asked who was responsible, Zhora replied, “We don’t need to attribute it since we have clear evidence that it was organized by Russian hackers to disrupt the connection between customers using this satellite system”.
He said he had no information on whether the service had been restored and could not say which Ukrainian agencies beyond the military were involved. The contracts show, however, that Zhora’s own agency, the State Service for Special Communications, is among the clients that also include police departments and municipalities.
Viasat, based in Carlsbad, Calif., said the initial denial of service attack originated from modems inside Ukraine. It did not specify how the destructive malware entered the network, except to say that the attackers exploited a “misconfiguration” in a virtual private network appliance, which gave them remote access.
Once inside the network, the attackers were able to push out a software update affecting tens of thousands of modems across Europe.
It was unclear how the attackers hacked into the VPN appliance. Satellite cybersecurity researcher Ruben Santamarta said it was important to know if they had obtained credentials or exploited a known vulnerability. Viasat declined to provide details on Wednesday, citing an ongoing investigation.
The ground network is managed by Skylogic, an Italian subsidiary of Eutelsat, from which Viasat purchased the KA-SAT satellite in April last year.
Viasat’s investigation into the attack was led by US cybersecurity firm Mandiant.
Copyright © 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.