Posted on March 7, 2022 at 5:33 PM
Satellite network provider Viasat has become the latest victim of a cyberattack, in connection with the current crisis in Ukraine. The satellite provider has been battling with a series of connection issues since Russia’s invasion of Ukraine began. The company provides fast and reliable satellite-based internet connections, including in Ukraine.
Viasat reported that the terminals of the commercial satellite operators were compromised in its Central and Eastern European markets. The US-listed provider also noted that a “cyber attack” was suspected to be the reason behind the failures.
A report on the incident noted that the cyber attack started on the day that Russia invaded Ukraine, although the plan for the attack may have been made weeks earlier. The report revealed that the threat actors activated a faulty update, which caused customers of the KA-SAT to lose their internet service completely.
German Government Links The Attack To The War In Ukraine
Following the hacking incident, it means that several customers of the KA-SAT service will no longer have access to the internet.
The German government believes that the time of the attack and its coincidence with the Russian invasion of Ukraine makes the connection very possible. The note also pointed out that the KA-SAT is an obvious target since Eastern and Central Europe is being used intensively by the Ukrainian military.
Apart from the attack affecting Ukrainians, Germany also felt the consequence of the attack. About 3,000 wind turbines linked to the grid through Viasat and maintained remotely, were no longer accessible. However, they are still able to run and generate electricity. Investigation into the attack has not revealed any further impact on the infrastructure of the security supply in Germany. Accordingly, the attack has now been rated by the German government as a case of “cyber collateral damage.”
There is no information about the possible background or origin of the hackers, but further investigation may reveal a lot more about the incident. Viasat stated that it was still investigating the attack and will provide more information once they are available.
The federal government is taking the attack very seriously, which is shown by the number of agencies that participated in the conversation with Viasat following the attack. Apart from the Federal Network Agency, the Office of the Protection of the Constitution and the Federal Officer for Information Security were also represented.
The Attack Likely Carried Out By Sophisticated Group
The report also revealed that the attack was likely carried out by sophisticated hackers. The method of planting malware through software updates has the signatures of professional hackers who know what they are doing.
Attacks of this nature have occurred in the past and they were all carried out by sophisticated threat actors. This gives the thinking that the attack was carried out by state-sponsored hackers more credence. Right now, all evidence and speculation are pointing to Russia, but there is no direct link or evidence of that being the case.
The manipulated software update attack in 2017 was one of the most deadly cyber-attacks on satellite service providers. The attack then was also related to Ukraine. At that time, the threat actors spread the NotPetya malware initially via updates to the Ukrainian accounting software, MeDoc.
Shortly after the malicious code was planted, it quickly spread through the company’s networks of international operations. It escalated beyond Ukraine, hitting the Hamburg-based company Beiersdorf., the pharmaceutical group Merck, and logistics giant Maersk. In terms of damages, it was huge, amounting to nearly $10 billion.
At the time of the attack, the notorious “Sandworm” hacking syndicate, linked to the Russian military intelligence service GRU, was considered to be behind the attack.
The Recent Attack Affected 8 Gateway Stations
In the recent attack, a researcher with Bundeswehr University noted that the incident affected eight gateway stations around the world. If any of the stations were hit by a cyberattack, the impact can reach all beans connected to the single station.
It could be that Russia is trying to cut internet service in Ukraine, but the wind turbines in Central Europe were also disconnected from the internet. Apart from Viasat, other satellite internet providers in Ukraine are also having some issues. The Elon Musk-owned “Starlink” satellite service was activated in Ukraine two days after the war.
The terminals have already encountered issues as some of those closest to the conflict zones were disrupted, according to Musk. There has been a growing concern in Germany that the Russian cyberattacks targeted at Ukraine could have a spillover effect on Germany, as the case has been with Viasat.