This article's lead section contains information that is not included elsewhere in the article. If the information is appropriate for the lead of the article, this information should also be included in the body of the article. (April 2023) (Learn how and when to remove this template message)

The Viasat hack was a cyberattack on American communications company Viasat affecting their KA-SAT network.[1]

Events

On 24 February, 2022, the day Russia invaded Ukraine, thousands of Viasat modems got bricked[buzzword][further explanation needed] by a "deliberate ... cyber event". Thousands of customers in Europe lost internet access.[2]

Remote control of 5,800 wind turbines belonging to Enercon in Central Europe was affected.[3]

The National Security Agency was reported to be investigating the attack in March 2022.[1]

On 31 March, 2022, SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen announced the discovery of a new wiper malware codenamed AcidRain designed to permanently disable routers. [4] Viasat later confirmed that the AcidRain malware was used during the 'cyber event'.[5] AcidRain shares code with VPNFilter, a 2018 cyber operation against routers attributed to the Russian military by the FBI. [6] On 10 May, 2022, the European Union condemned the attack targeting Viasat's KA-SAT network as a Russian operation. [7]

The Viasat hack led Ukraine to deem Starlink as a potential solution for communications amidst the war as Russia had damaged or destroyed other means to communicate and get Internet within the country.[8][9][10]

Viasat Analysis

According to Viasat, the attacker used a poorly configured virtual private network appliance to gain access to the trusted management part of the KA-SAT network.[11] The attackers then issued commands to overwrite part of the flash memory in modems, making them unable to access the network, but not permanently damaged.[11] The satellite itself and its ground infrastructure were not directly affected.[11]

References

  1. ^ a b Mott, Nathaniel (2022-03-12). "Report: NSA Investigates Viasat Hack That Coincided With Ukraine Invasion". PCMag. Archived from the original on 2023-04-07. Retrieved 2023-04-07.
  2. ^ A Mysterious Satellite Hack Has Victims Far Beyond Ukraine Archived 2024-01-27 at the Wayback Machine Wired. 2022.
  3. ^ "Satellite outage knocks out thousands of Enercon's wind turbines". Reuters. 2022-02-28. Archived from the original on 2023-04-08. Retrieved 2023-04-07.
  4. ^ Dan Goodin (31 March 2022). "Mystery solved in destructive attack that knocked out >10k Viasat modems". Ars Technica. Archived from the original on 26 March 2023. Retrieved 7 April 2023.
  5. ^ Guerrero-Saade, Juan Andres. "AcidRain: A Modem Wiper Rains Down on Europe". SentinelLabs. Archived from the original on 2024-01-15. Retrieved 2023-04-07.
  6. ^ "Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices". U.S. Department Of Justice. 23 May 2018. Archived from the original on 19 April 2023. Retrieved 7 April 2023.
  7. ^ "Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union". Council of the EU. Archived from the original on 2024-01-28. Retrieved 2023-04-07.
  8. ^ Sheetz, Michael (2022-02-28). "Viasat believes 'cyber event' is disrupting its satellite-internet service in Ukraine". CNBC. Archived from the original on 2023-09-18. Retrieved 2023-09-09.
  9. ^ Elon Musk says SpaceX's Starlink satellites active over Ukraine after request from embattled country's leaders Archived 2022-02-27 at Ghost Archive, The Independent (26 February 2022)
  10. ^ Farrow, Ronan (2023-08-21). "Elon Musk's Shadow Rule". The New Yorker. ISSN 0028-792X. Archived from the original on 2023-09-16. Retrieved 2023-09-09.
  11. ^ a b c Vigliarolo, Brandon (2022-03-30). "Viasat spills on the Russian attack, warns of continued risks". The Register. Archived from the original on 2023-04-08. Retrieved 2023-04-08.

External links

Hacking in the 2020s
Categories