Viasat hack

The Viasat hack was a cyberattack on American communications company Viasat affecting their KA-SAT network. [1]

Events

On 24 February, 2022, the day Russia invaded Ukraine, thousands of Viasat modems were bricked by a "deliberate ... cyber event". Thousands of customers in Europe lost internet access. [2]

Remote control of 5,800 wind turbines belonging to Enercon in Central Europe was affected. [3]

The National Security Agency was reported to be investigating the attack in March 2022. [1]

On 31 March, 2022, SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen announced the discovery of a new wiper malware codenamed AcidRain designed to permanently disable routers. [4] Viasat later confirmed that the AcidRain malware was used during the 'cyber event'. [5] AcidRain shares code with VPNFilter, a 2018 cyber operation against routers attributed to the Russian military by the FBI. [6] On 10 May, 2022, the European Union condemned the attack targeting Viasat's KA-SAT network as a Russian operation. [7]

The Viasat hack led Ukraine to consider Starlink as a potential solution for communications amid the war, as Russia had damaged or destroyed other means of communication and Internet access within the country. [8] [9] [10]

Viasat Analysis

According to Viasat, the attacker used a poorly configured virtual private network appliance to gain access to the trusted management part of the KA-SAT network. [11] The attackers then issued commands to overwrite part of the flash memory in modems, leaving them unable to access the network but not permanently damaged. [11] The satellite itself and its ground infrastructure were not directly affected. [11]

Related Research Articles

Telecommunications is one of the most modern, diverse and fast-growing sectors in the economy of Ukraine. Unlike the country's dominant export industries, telecommunications and the related Internet sector remain largely unaffected by the global economic crisis, ranking high in European and global rankings.

Satellite Internet access: Satellite-provided Internet

Satellite Internet access or Satellite Broadband is Internet access provided through communication satellites. Modern consumer grade satellite Internet service is typically provided to individual users through geostationary satellites that can offer relatively high data speeds, with newer satellites using Ku band to achieve downstream data speeds up to 506 Mbit/s. In addition, new satellite internet constellations are being developed in low-earth orbit to enable low-latency internet access from space.

Viasat (American company): American communications company

Viasat is an American communications company based in Carlsbad, California, with additional operations across the United States and worldwide. Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets.

Viasat may refer to:

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

KA-SAT: Communications satellite

KA-SAT is a high-throughput geostationary telecommunications satellite owned by Viasat. The satellite provides bidirectional broadband Internet access services across Europe and a small area of the Middle East, and additionally the Saorsat TV service to Ireland. It is positioned at 9°E, joining the Eurobird 9A Ku band satellite. KA-SAT was manufactured by EADS Astrium, based on the Eurostar E3000 platform, with a total weight of 6 tons. It was launched by Proton in December 2010. The satellite is named after the Ka band frequency, which is used on the spacecraft.

In computer security, a wiper is a class of malware intended to erase the hard drive or other static memory of the computer it infects, maliciously deleting data and programs.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

Cyberwarfare is a part of Iran's "soft war" military strategy. Being both a victim and wager of cyberwarfare, Iran is considered an emerging military power in the field.

Fancy Bear, also known as APT28, Pawn Storm, Sofacy Group, Sednit, Tsar Team and STRONTIUM or Forest Blizzard, is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This refers to its unified Military Unit Number of the Russian army regiments. The headquarters of Fancy Bear and the entire military unit, which reportedly specializes in state-sponsored cyberattacks and decryption of hacked data, were targeted by Ukrainian drones on July 24, 2023; the rooftop of one of the buildings collapsed as a result of the explosion.

Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to the intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

On December 23, 2015, the power grid in two western oblasts of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm". It is the first publicly acknowledged successful cyberattack on a power grid.

Petya (malware family): Family of encrypting ransomware discovered in 2016

Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.

Russo-Ukrainian cyberwarfare: Informatic component of the confrontation between Russia and Ukraine

Cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.

Sandworm (hacker group): Russian hacker group

Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.

2022 Ukraine cyberattacks: Attack on Ukrainian government and websites

During the prelude to the 2022 Russian invasion of Ukraine and during the invasion itself, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National Security and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.

IT Army of Ukraine: Ukrainian cyberwarfare volunteer group

The IT Army of Ukraine is a volunteer cyberwarfare organisation created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24, 2022. The group also conducts offensive cyberwarfare operations, and Chief of Head of State Special Communications Service of Ukraine Victor Zhora said its enlisted hackers would only attack military targets.

A cyberattack happened in the Ukrainian capital Kyiv just before midnight on 17 December 2016, and lasted for just over an hour. The national electricity transmission operator Ukrenergo said that the attack had cut one fifth of the city's power consumption at that time of night.

Starlink in the Russo-Ukrainian War: Co-operation between Ukraine and Starlink

In February 2022, two days after Russia's full-scale invasion, Ukraine requested American aerospace company SpaceX to activate their Starlink satellite internet service in the country to replace internet and communication networks degraded or destroyed during the war. Starlink has since been used by Ukrainian civilians, government and military. The satellite service has served for humanitarian purposes, as well as defense and attacks on Russian positions.

References

  1. Mott, Nathaniel (2022-03-12). "Report: NSA Investigates Viasat Hack That Coincided With Ukraine Invasion". PCMag. Archived from the original on 2023-04-07. Retrieved 2023-04-07.
  2. "A Mysterious Satellite Hack Has Victims Far Beyond Ukraine". Wired. 2022. Archived 2024-01-27 at the Wayback Machine.
  3. "Satellite outage knocks out thousands of Enercon's wind turbines". Reuters. 2022-02-28. Archived from the original on 2023-04-08. Retrieved 2023-04-07.
  4. Dan Goodin (31 March 2022). "Mystery solved in destructive attack that knocked out >10k Viasat modems". Ars Technica. Archived from the original on 26 March 2023. Retrieved 7 April 2023.
  5. Guerrero-Saade, Juan Andres. "AcidRain: A Modem Wiper Rains Down on Europe". SentinelLabs. Archived from the original on 2024-01-15. Retrieved 2023-04-07.
  6. "Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices". U.S. Department of Justice. 23 May 2018. Archived from the original on 19 April 2023. Retrieved 7 April 2023.
  7. "Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union". Council of the EU. Archived from the original on 2024-01-28. Retrieved 2023-04-07.
  8. Sheetz, Michael (2022-02-28). "Viasat believes 'cyber event' is disrupting its satellite-internet service in Ukraine". CNBC. Archived from the original on 2023-09-18. Retrieved 2023-09-09.
  9. "Elon Musk says SpaceX's Starlink satellites active over Ukraine after request from embattled country's leaders". The Independent. 26 February 2022. Archived 2022-02-27 at Ghost Archive.
  10. Farrow, Ronan (2023-08-21). "Elon Musk's Shadow Rule". The New Yorker. ISSN 0028-792X. Archived from the original on 2023-09-16. Retrieved 2023-09-09.
  11. Vigliarolo, Brandon (2022-03-30). "Viasat spills on the Russian attack, warns of continued risks". The Register. Archived from the original on 2023-04-08. Retrieved 2023-04-08.