A cyber attack that disrupted international satellite internet and TV provider Viasat is being investigated by French, United States and Ukrainian intelligence services as a potential action by Russian hackers.
The service interruption began on the morning of February 24 as Russian forces began direct assaults on several Ukrainian cities. The full impact of the disruption is not yet known, but at minimum satellite internet service was cut off for tens of thousands of customers throughout Europe. The attack targeted modems meant to link the satellite internet service to customers in Ukraine and other countries.
Satellite internet service temporarily disrupted in Ukraine, hacking activity confirmed
Ukrainian intelligence is probing the cyber attack along with analysts from the U.S. National Security Agency (NSA) and the French cybersecurity organization ANSSI. Hacking and sabotage of the satellite internet service have been confirmed, but there has yet to be any public attribution to Russia (or ally Belarus, which has also been linked to cyber attacks during the Ukraine war).
The cyber attack disabled the modems of customers interfacing with the Viasat KA-SAT satellite for their internet service. The US is involved as Viasat is based in the country and works as a defense contractor for the American government in addition to providing retail services, and has also contracted with the Ukrainian police and military. Some of the service has been restored, but service to some Viasat customers remains offline at this time.
Given that Viasat is known to provide satellite internet services to Ukraine’s military, the cyber attack may have been an attempt to disrupt communications between “smart weapons” systems deployed throughout the country. However, it is not known if there was a disruption to anything but the modems of retail customers at this time. It appears that customers in Germany, France, Hungary, Greece, Italy, Poland, the Czech Republic and Slovakia also experienced interruptions to satellite internet service thought to be connected to the incident.
The one thing that is certain about this cyber attack is that Russia will either continue to provide no comment or deny involvement with it, the country’s standard modus operandi regardless of how suspicious the circumstances surrounding such an incident are.
Cyber attack cripples customer modems, requiring technician attention to fix
The cyber attack impacted SurfBeam 2 modems and appears to have completely disabled them, according to officials familiar with the situation. The modems were rendered totally inoperable to the point that they could not be physically turned on any longer. A Viasat official said that the modems would need to be reprogrammed by a technician to work again, and that in some cases they might be beyond repair and need to be swapped out.
In addition to the involvement by the US and French intelligence analysts, Viasat has retained US cybersecurity firm Mandiant to assist with the investigation. The company is one of the most prominent in the field and recently announced that it was being acquired by Google for $5.4 billion.
Initially attributed as a distributed denial of service (DDoS) attack by some media outlets, later statements from government sources revealed that the modems were fried by a malicious update apparently prepared by hackers with access to some portion of Viasat’s network.
The move would hardly be out of character for Putin’s government, which has a long history of using strategic cyber attacks in the region that dates all the way back to the invasion of Georgia in 2008. Specific to Ukraine, the country is thought to have engaged in periodic cyber attacks dating back as far as 2013. This has included shutdowns of news and social media sites, temporary shutdowns of sections of the power grid and banks, the jamming of phones belonging to members of the Ukraine parliament, and even the physical cutting of fiber optic cables during the 2014 invasion of Crimea. In the case of the “NotPetya” ransomware attacks of 2017, attacks on Ukraine have inadvertently spilled over national borders and become a global problem.
The cyber attacks have been surprisingly restrained thus far in 2022, with suspected website vandalism and limited DDoS attacks occurring just prior to and just after the start of the war. At least for the moment, Russia seems content to use conventional warfare to bully Ukraine into surrendering. Organizations around the world are preparing for potential strikes in retaliation for the harsh sanctions placed on Russia, however, and some private ransomware groups have pledged to assist the country’s government in attacking foreign targets.