Viasat hack

Viasat Hack; KA-Sat Attack
Part of Russian invasion of Ukraine
Location
Action Russo-Ukrainian cyberwarfare
Belligerents

Ukraine

Viasat
Malware details
Technical name AcidRain
Type Wiper malware (targeting broadband satellite modems/routers)
Subtype Modem / Router firmware Flash memory eraser
Classification Cyberwarfare cyberattack
Family VPNFilter
Isolation date 15 March 2022
Cyberattack event
Date 23-24 February 2022
Target Ukraine
Suspects Sandworm
Technical details
AcidRain (SentinelOne / “ukrop” sample) — ELF 32-bit MIPS binary
Platform
Package Standalone ELF binary
Filetype ELF 32-bit MIPS executable
Abused exploits Viasat/Skylogic management network
Written in Compiled C/C++

The Viasat hack was a cyberattack against the satellite internet system of the American communications company Viasat, which affected its KA-SAT network. The hack happened on the day of Russia's invasion of Ukraine. [1]

Events

On 23 February 2022, hackers targeted a VPN installation in a Turin management center that provided network access to administrators and operators. The hackers gained access to management servers that gave them access to information about the company’s modems. After a few hours, the hackers gained access to another server that delivered software updates to the modems, which allowed them to deliver the wiper malware AcidRain. [2]

On 24 February 2022, the day Russia invaded Ukraine, thousands of Viasat modems went offline. [3] The attack caused a malfunction in the remote control of 5,800 Enercon wind turbines in Germany and disrupted thousands of organizations across Europe. [4]

On 31 March 2022, SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen announced the discovery of a new wiper malware, codenamed AcidRain, designed to permanently disable routers. [5] Viasat later confirmed that the AcidRain malware was used during the 'cyber event'. [6] AcidRain shares code with VPNFilter, a 2018 cyber operation against routers attributed to the Russian military by the FBI. [7]

On 10 May 2022, the European Union, the United States, and the United Kingdom condemned the attack targeting Viasat's KA-SAT network as a Russian operation. [8] [9] [10]

References

  1. Mott, Nathaniel (2022-03-12). "Report: NSA Investigates Viasat Hack That Coincided With Ukraine Invasion". PCMag. Archived from the original on 2023-04-07. Retrieved 2023-04-07.
  2. Greig, Jonathan (11 August 2023). "NSA, Viasat say 2022 hack was two incidents; Russian sanctions resulted from investigation". therecord.media. Retrieved 2024-03-06.
  3. Burgess, Matt (23 March 2022). "A Mysterious Satellite Hack Has Victims Far Beyond Ukraine". Wired. ISSN 1059-1028. Archived from the original on 2024-01-27. Retrieved 2024-07-17.
  4. Sheahan, Maria; Steitz, Christoph; and Rinke, Andreas (2022-02-28). Murray, Miranda and Baum, Bernadette (eds.). "Satellite outage knocks out thousands of Enercon's wind turbines". Reuters. Archived from the original on 2023-04-08. Retrieved 2023-04-07.
  5. Goodin, Dan (31 March 2022). "Mystery solved in destructive attack that knocked out >10k Viasat modems". Ars Technica. Archived from the original on 26 March 2023. Retrieved 7 April 2023.
  6. Guerrero-Saade, Juan Andres (31 March 2022). "AcidRain: A Modem Wiper Rains Down on Europe". SentinelLabs. Archived from the original on 2024-01-15. Retrieved 2023-04-07.
  7. "Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices". U.S. Department Of Justice. 23 May 2018. Archived from the original on 19 April 2023. Retrieved 7 April 2023.
  8. "Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union". Council of the EU. 10 May 2022. Archived from the original on 2024-01-28. Retrieved 2023-04-07.
  9. "Attribution of Russia's Malicious Cyber Activity Against Ukraine". United States Department of State. Retrieved 2024-09-02.
  10. "Russia behind cyber-attack with Europe-wide impact an hour before Ukraine invasion". GOV.UK. Retrieved 2024-09-02.