Ukrainian satellite internet service hit by cyberattack, intelligence agencies investigate


A cyberattack that disrupted international internet and satellite TV provider Viasat is being investigated by French, US and Ukrainian intelligence services as a potential action by Russian hackers.

The service disruption began on the morning of February 24 when Russian forces launched direct assaults on several Ukrainian towns. The full impact of the disruption is not yet known, but at a minimum, satellite internet service has been cut for tens of thousands of customers across Europe. The attack targeted modems intended to link satellite Internet service to customers in Ukraine and other countries.

Satellite internet service temporarily interrupted in Ukraine, hacking activity confirmed

Ukrainian intelligence is investigating the cyberattack with analysts from the US National Security Agency (NSA) and the French cybersecurity organization ANSSI. The hacking and sabotage of satellite internet service has been confirmed, but there has been no public attribution to Russia (or ally Belarus, which has also been linked to cyberattacks during the war). ‘Ukraine).

The cyberattack disabled customers’ modems interfacing with the Viasat KA-SAT satellite for their internet service. The United States is involved as Viasat is based in the country and works as a defense contractor for the US government in addition to providing retail services, and has also contracted with the police and military Ukrainians. Some service has been restored, but some Viasat customers’ service currently remains offline.

Since Viasat is known to provide satellite internet services to the Ukrainian military, the cyberattack may have been an attempt to disrupt communications between “smart weapon” systems deployed across the country. However, it is not known if there was any disruption other than retail customer modems at the time. It appears that customers in Germany, France, Hungary, Greece, Italy, Poland, the Czech Republic and Slovakia also experienced outages in satellite internet service believed to be linked to the incident.

The one thing that is certain about this cyberattack is that Russia will continue to either not comment or deny any involvement, the country’s standard modus operandi, regardless of the suspicious circumstances surrounding such an incident.

Cyberattack cripples customer modems, requiring technician to fix it

The cyberattack hit SurfBeam 2 modems and appears to have completely disabled them, according to officials familiar with the situation. Modems were rendered totally inoperable to the point that they could no longer be physically turned on. A Viasat official said the modems would need to be reprogrammed by a technician to work again, and in some cases they could be beyond repair and need to be replaced.

In addition to the involvement of American and French intelligence analysts, Viasat retained the services of the American cybersecurity company Mandiant to help with the investigation. The company is one of the biggest in the business and recently announced that it was being acquired by Google for $5.4 billion.

Initially attributed as a Distributed Denial of Service (DDoS) attack by some media outlets, later statements from government sources revealed that the modems had been fried by a malicious update apparently prepared by hackers with access to part of the network. Viasat.

The move would hardly be out of place for Putin’s government, which has a long history of using strategic cyberattacks in the region dating back to the 2008 invasion of Georgia. Specific to Ukraine, the country has engaged in periodic cyberattacks dating back to 2013. This has included shutdowns of news and social media sites, temporary closures of sections of the power grid and banks, jamming of phones belonging to members of parliament Ukraine, and even the physical cutting of fiber optic cables during the 2014 invasion of Crimea. become a global problem.

Cyberattacks have been surprisingly limited so far in 2022, with suspicions of website vandalism and limited DDoS attacks occurring just before and just after the start of the war. At least for now, Russia seems content to use conventional warfare to force Ukraine to surrender. However, organizations around the world are preparing for potential strikes in retaliation for tough sanctions on Russia, and some private ransomware groups have pledged to help the country’s government attack foreign targets.

Government sources revealed that the modems had been fried by a malicious update apparently prepared by #hackers with access to part of Viasat’s network. #cybersecurity #respectdataClick to tweet

Elon Musk, who offered Starlink to residents of Ukraine soon after the war began, said there were “several” attempts to disrupt satellite internet service.

Previous ID.me and Gravity Diagnostics to Highlight Best Practices in Identity Verification, Patient Experience and Healthcare Interoperability at HIMSS
Next South African Mining Investment Forum Webinar