[ad_1]
A cyberattack targeting a satellite network used by the Ukrainian government and military agencies shortly after Russia’s invasion took tens of thousands of broadband internet users across Europe offline, the satellite owner said on Wednesday.
The US-based owner of Viasat has provided new details on how the cyberattack, the largest known attack ever in the war, was carried out and its far-reaching impact. The attack affected users from Poland to France and blocked remote access to thousands of wind turbines in Central Europe.
In a statement, Viasat did not say who it believes was responsible for the attack. Ukrainian authorities blamed Russian hackers.
The Viasat attack, which came as Russia launched its invasion, was seen by many at the time as the harbinger of a serious wave of cyberattacks extending beyond Ukraine. But so far these attacks have not occurred, although security researchers say the most effective war-related cyber operations are likely to take place in the shadows. There have been smaller, free-for-all attacks, apparently mostly by volunteers.
The attack highlighted how satellite technology serving both military and non-military customers can be targeted in a conflict, and the impact has been felt by individuals and businesses far from the battlefield.
The attack on the KA-SAT satellite network in the early hours of February 24 began with a distributed denial of service attack that disabled a large number of modems. Viasat later said it underwent a devastating attack in which a malware update distributed over the network overwrote their internal memory, rendering tens of thousands of modems inoperable across Europe.
It said it has sent 30,000 replacement modems across Europe to affected customers, most of whom use the service for residential broadband internet access.
Victor Zhora, a senior Ukrainian cybersecurity official, told reporters earlier this month that the attack caused a massive loss of communications in Ukraine in the early hours of Russia’s invasion. When asked who was responsible, Zhora said, “We don’t need to attribute this as we have clear evidence that it was orchestrated by Russian hackers to cut the connection between customers using this satellite system.”
He said he had no knowledge of whether the service had been restored and could not say which Ukrainian institutions beyond the military were affected. But the contracts indicate that Zhora’s own agency, the State Service of Special Communications, is among clients, which include police departments and municipalities.
Carlsbad, California-based Viasat said the first denial-of-service attack was caused by modems inside Ukraine. He did not specify how the devastating malware got into the network, except to say that a “misconfiguration” on a virtual private network device was compromised by allowing attackers to gain remote access.
Once inside the network, the attackers managed to deploy a software update that affected tens of thousands of modems across Europe.
How the attackers breached the VPN device was unknown. Satellite cybersecurity researcher Ruben Santamarta said it’s important to know if they’re getting their credentials or exploiting a known vulnerability. Viasat declined to provide details Wednesday, citing an ongoing investigation.
The ground-based network is managed by Skylogic, an Italy-based subsidiary of Eutelsat, from which Viasat acquired the KA-SAT satellite in April last year.
Viasat’s investigation into the attack was conducted by the US cybersecurity firm Mandiant.
[ad_2]
Source link