Viasat hack

The Viasat hack was a cyberattack on American communications company Viasat affecting their KA-SAT network.[1]

Events

On 24 February, 2022, the day Russia invaded Ukraine, thousands of Viasat modems got bricked by a "deliberate ... cyber event". Thousands of customers in Europe have been without internet for a month since.[2]

Remote control of 5,800 wind turbines belonging to Enercon in Central Europe was affected.[3]

The National Security Agency was reported to be investigating the attack in March 2022.[1]

On 31 March, 2022, SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen announced the discovery of a new wiper malware codenamed AcidRain designed to permanently disable routers. [4] Viasat later confirmed that the AcidRain malware was used during the 'cyber event'.[5] AcidRain shares code with VPNFilter, a 2018 cyber operation against routers attributed to the Russian military by the FBI. [6] On 10 May, 2022, the European Union condemned the attack targeting Viasat's KA-SAT network as a Russian operation. [7]

The Viasat hack led Ukraine to deem Starlink as a potential solution for communications amidst the war as Russia had damaged or destroyed other means to communicate and get Internet within the country.[8][9][10]

Viasat Analysis

According to Viasat, the attacker used a poorly configured virtual private network appliance to gain access to the trusted management part of the KA-SAT network.[11] The attackers then issued commands to overwrite part of the flash memory in modems, making them unable to access the network, but not permanently damaged.[11] The satellite itself and its ground infrastructure were not directly affected.[11]

References
  1. Mott, Nathaniel (2022-03-12). "Report: NSA Investigates Viasat Hack That Coincided With Ukraine Invasion". PCMag. Retrieved 2023-04-07.
  2. A Mysterious Satellite Hack Has Victims Far Beyond Ukraine Wired. 2022.
  3. "Satellite outage knocks out thousands of Enercon's wind turbines". Reuters. 2022-02-28. Retrieved 2023-04-07.
  4. Dan Goodin (31 March 2022). "Mystery solved in destructive attack that knocked out >10k Viasat modems". Ars Technica.
  5. Guerrero-Saade, Juan Andres. "AcidRain: A Modem Wiper Rains Down on Europe". SentinelLabs.
  6. "Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices". U.S. Department Of Justice. 23 May 2018.
  7. "Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union". Council of the EU.
  8. Sheetz, Michael (2022-02-28). "Viasat believes 'cyber event' is disrupting its satellite-internet service in Ukraine". CNBC. Retrieved 2023-09-09.
  9. Elon Musk says SpaceX's Starlink satellites active over Ukraine after request from embattled country's leaders, The Independent (26 February 2022)
  10. Farrow, Ronan (2023-08-21). "Elon Musk's Shadow Rule". The New Yorker. ISSN 0028-792X. Retrieved 2023-09-09.
  11. Vigliarolo, Brandon (2022-03-30). "Viasat spills on the Russian attack, warns of continued risks". The Register. Retrieved 2023-04-08.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.