Viasat hack

The Viasat hack was a cyberattack on American communications company Viasat affecting their KA-SAT network.[1]

Events

On 24 February, 2022, the day Russia invaded Ukraine, thousands of Viasat modems got bricked by a "deliberate ... cyber event". Thousands of customers in Europe have been without internet for a month since.[2]

Remote control of 5,800 wind turbines belonging to Enercon in Central Europe was affected.[3]

The National Security Agency was reported to be investigating the attack in March 2022.[1]

On 31 March, 2022, SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen announced the discovery of a new wiper malware codenamed AcidRain designed to permanently disable routers. [4] Viasat later confirmed that the AcidRain malware was used during the 'cyber event'.[5] AcidRain shares code with VPNFilter, a 2018 cyber operation against routers attributed to the Russian military by the FBI. [6] On 10 May, 2022, the European Union condemned the attack targeting Viasat's KA-SAT network as a Russian operation. [7]

The Viasat hack led Ukraine to deem Starlink as a potential solution for communications amidst the war as Russia had damaged or destroyed other means to communicate and get Internet within the country.[8][9][10]

Viasat Analysis

According to Viasat, the attacker used a poorly configured virtual private network appliance to gain access to the trusted management part of the KA-SAT network.[11] The attackers then issued commands to overwrite part of the flash memory in modems, making them unable to access the network, but not permanently damaged.[11] The satellite itself and its ground infrastructure were not directly affected.[11]

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.