Viasat hack
The Viasat hack was a cyberattack against the satellite internet system of American communications company Viasat which affected their KA-SAT network. The hack happened on the day of Russia's invasion of Ukraine.[1]
Events
On February 23, 2022, hackers targeted a VPN installation, in a Turin management center, which provided network access to administrators and operators. The hackers gained access to management servers that gave them access to information about company’s modems. After a few hours, the hackers gained access to another server that delivered software updates to the modems which allowed them to deliver the wiper malware AcidRain.[2]
On 24 February, 2022, the day Russia invaded Ukraine, thousands of Viasat modems went offline.[3] The attack caused the malfunction in the remote control of 5,800 Enercon wind turbines in Germany and disruptions to thousands of organizations across Europe.[4]
On 31 March, 2022, SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen announced the discovery of a new wiper malware codenamed AcidRain designed to permanently disable routers.[5] Viasat later confirmed that the AcidRain malware was used during the 'cyber event'.[6] AcidRain shares code with VPNFilter, a 2018 cyber operation against routers attributed to the Russian military by the FBI.[7]
On 10 May, 2022, the European Union, the United States, and the United Kingdom condemned the attack targeting Viasat's KA-SAT network as a Russian operation.[8][9][10]
See also
- Cyberwarfare by Russia
- Russian sabotage operations in Europe
References
- ↑ Mott, Nathaniel (2022-03-12). "Report: NSA Investigates Viasat Hack That Coincided With Ukraine Invasion". PCMag. https://www.pcmag.com/news/report-nsa-investigates-viasat-hack-that-coincided-with-ukraine-invasion.
- ↑ Greig, Jonathan (11 August 2023). "NSA, Viasat say 2022 hack was two incidents; Russian sanctions resulted from investigation" (in en). https://therecord.media/viasat-hack-was-two-incidents-and-resulted-in-sanctions.
- ↑ Burgess, Matt (23 March 2022). "A Mysterious Satellite Hack Has Victims Far Beyond Ukraine" (in en-US). Wired. ISSN 1059-1028. https://www.wired.com/story/viasat-internet-hack-ukraine-russia/. Retrieved 2024-07-17.
- ↑ Sheahan, Maria; Steitz, Christoph; Rinke, Andreas (2022-02-28). "Satellite outage knocks out thousands of Enercon's wind turbines". Reuters. https://www.reuters.com/business/energy/satellite-outage-knocks-out-control-enercon-wind-turbines-2022-02-28/.
- ↑ Goodin, Dan (31 March 2022). "Mystery solved in destructive attack that knocked out >10k Viasat modems". Ars Technica. https://arstechnica.com/information-technology/2022/03/mystery-solved-in-destructive-attack-that-knocked-out-10k-viasat-modems.
- ↑ Guerrero-Saade, Juan Andres (31 March 2022). "AcidRain: A Modem Wiper Rains Down on Europe". SentinelLabs. https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/.
- ↑ "Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices". U.S. Department Of Justice. 23 May 2018. https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected.
- ↑ "Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union". Council of the EU. 10 May 2022. https://www.consilium.europa.eu/en/press/press-releases/2022/05/10/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union/.
- ↑ "Attribution of Russia's Malicious Cyber Activity Against Ukraine" (in en). https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/.
- ↑ "Russia behind cyber-attack with Europe-wide impact an hour before Ukraine invasion" (in en). https://www.gov.uk/government/news/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion.
External links
- KA-SAT Network cyber attack overview - from Viasat
 |  |
