WIRED: "A Mysterious Satellite Hack Has Victims Far Beyond Ukraine"



WIRED wrote: "More than 22,000 miles above Earth, the KA-SAT is locked in orbit. Traveling at 7,000 miles per hour, in sync with the planet’s rotation, the satellite beams high-speed internet down to people across Europe.

Since 2011, it has helped homeowners, businesses, and militaries get online. However, as Russian troops moved into Ukraine during the early hours of February 24, satellite internet connections were disrupted. A mysterious cyberattack against the satellite’s ground infrastructure—not the satellite itself—plunged tens of thousands of people into internet darkness.

Among them were parts of Ukraine’s defenses. “It was a really huge loss in communications in the very beginning of war,” Viktor Zhora, a senior official at Ukraine’s cybersecurity agency, the State Services for Special Communication and Information Protection (SSSCIP), reportedly said two weeks later. He did not provide any more details, and SSSCIP did not respond to WIRED’s request for comment. But the attack against the satellite internet system, owned by US company Viasat since last year, had even wider ramifications. People using satellite internet connections were knocked offline all across Europe, from Poland to France.

Almost a month after the attack, the disruptions continue. Thousands still remain offline in Europe—around 2,000 wind turbines are still disconnected in Germany—and companies are racing to replace broken modems or fix connections with updates. Multiple intelligence agencies, including those in the US and Europe, are also investigating the attack. The Viasat hack is arguably the largest publicly known cyberattack to take place since Russia invaded Ukraine, and it stands out for its impact beyond Ukraine’s borders. But questions about the details of the attack, its purpose, and who carried it out remain—although experts have their suspicions."

CONTINUED at WIRED

https://www.wired.com/story/viasat-internet-hack-ukraine-russia/

UPDATE: The Washington Post reported that, while the US Government has yet to make a public announcement of the determination, US intelligence analysts have now attributed the attack against Viasat services to Russia's GRU, the country's military intelligence service.

UPDATE 4/2/2022 - The Plot Thickens

The Cyberwire reported: "Viasat has provided more information on the cyberattack against ground terminals that knocked its satellite Internet service offline in Ukraine (and in other parts of Europe) during the early stages of the Russian invasion. The company says it's working to fully restore service to affected customers, and that it's taking other steps to shore up its resilience. Those steps it's prudently not sharing, since it doesn't wish to give the attackers insight into Viasat's own defenses.

SentinelLabs researchers have concluded that Russian wiper malware, specifically a variant they call AcidRain, was deployed against Viasat modems, and Viasat has substantially confirmed SentinelLabs' analysis. "AcidRain is an ELF MIPS malware designed to wipe modems and routers," the researchers explain. "We assess with medium-confidence that there are developmental similarities between AcidRain and a VPNFilter stage 3 destructive plugin. In 2018, the FBI and Department of Justice attributed the VPNFilter campaign to the Russian government." AcidRain is the seventh wiper deployed against Ukraine since the beginning of its hybrid war, the others being WhisperKill, WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, and DoubleZero. The Viasat attack is noteworthy because it alone had significant spillover into operations outside Ukraine proper. It's regarded as the most serious cyberattack of Russia's war so far, and the most likely suspect is the GRU's Sandworm APT."

 

