Analysts are examining if the KA-SAT was hacked
Unidentified hackers disrupted broadband satellite internet access in Ukraine just as the Russian invasion began, according to Reuters. Analysts from Ukrainian intelligence, French cybersecurity ANSSI and US National Security Agency (NSA) are examining whether the remote sabotage of Viasat’s service was the work of Russian-state backed hackers preparing the battlefield by neutralising the opposition’s comms. On February the 24th the satellite service was blitzed with data from 5 am to 9 am, just as the Russian forces moved in. Meanwhile, missiles were fired at major Ukrainian cities including the capital, Kyiv.
Bitz-krieg was biggest ever military cyber attack
Satellite modems belonging to tens of thousands of customers in Europe were knocked offline, according US telco Viasat, which owns the affected network. Hackers disabled modems that communicate with Viasat’s KA-SAT satellite, which supplies internet access to some customers in Europe, including Ukraine. More than two weeks later some remain offline, resellers told Reuters. This would be one of the most significant wartime cyberattacks publicly disclosed so far, says Reuters. It alerted Western intelligence agencies because Viasat is a defence contractor for the US and multiple allies. Government contracts reviewed by Reuters show that KA-SAT has provided internet connectivity to Ukrainian military and police units.
Smart weapons neutralised
Disabling satellite internet connectivity would handicap Ukraine’s resistance to Russian forces because modern smart weapons rely on them, said Pablo Breuer, a former technologist for US special operations command (SOCOM). “Traditional land-based radios only reach so far. If you’re using modern smart systems, smart weapons, trying to do combined arms manoeuvres, then you must rely on these satellites,” Breuer told Reuters. The Russian Embassy in Washington made no comment but has repeatedly rejected allegations of cyber-sabotage.
Modem lights went over Europe
Viasat said the disruption for customers in Ukraine and elsewhere was triggered by a “deliberate, isolated and external cyber event” but has yet to provide forensic evidence to back its explanation of the loss of service. Jaroslav Stritecky, manager of Czech telco INTV. None of the four connection status lights on the curved Viasat-made SurfBeam 2 modems flashed. He recalled coming into work on the morning of the invasion and seeing a monitor showing regional satellite coverage in the Czech Republic, neighboring Slovakia and Ukraine all in red. “It was immediately clear what happened,” he said. Viasat said a misconfiguration in the “management section” of the satellite network had allowed the hackers remote access into the modems, knocking them offline.
Mis-management mystery
Most of the affected devices now need to be reprogrammed either by a technician on site or at a repair depot. Some will have to be swapped out. Some internet distributors are still waiting to replace their devices. Stritecky did not blame Viasat. The Viasat official would not explain what the misconfigured “management section” of the network referred to. KA-SAT and its associated ground stations, which Viasat purchased last year from European company Eutelsat, are still operated by a Eutelsat subsidiary. Reuters said Eutelsat referred questions back to Viasat.
Mandiant on the case
Now Viasat has hired US cybersecurity firm Mandiant, which specialises in tracking state-sponsored hackers, to investigate the intrusion, according to Reuters’ sources. Viasat said government clients who buy services direct from the company were unaffected. However, the KA-SAT network is run by a third party, which then delegates service to distributors. In recent years Ukraine’s military and security services have bought multiple comms systems that run over Viasat’s network, according to contracts posted on ProZorro, a Ukrainian transparency platform. The Ukrainian military were unavailable for comment. Spokespeople for the NSA, ANSSI and Mandiant declined to comment.