Viasat hack

From HandWiki
Short description: Cyber attack on US communications compoany Viasat


The Viasat hack was a cyberattack on American communications company Viasat affecting their KA-SAT network.[1]

Events

On 24 February, 2022, the day Russia invaded Ukraine, thousands of Viasat modems got bricked[buzzword][further explanation needed] by a "deliberate ... cyber event". Template:Update span

Remote control of 5,800 wind turbines belonging to Enercon in Central Europe was affected.[2]

The National Security Agency was reported to be investigating the attack in March 2022.[1]

On 31 March, 2022, SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen announced the discovery of a new wiper malware codenamed AcidRain designed to permanently disable routers. [3] Viasat later confirmed that the AcidRain malware was used during the 'cyber event'.[4] AcidRain shares code with VPNFilter, a 2018 cyber operation against routers attributed to the Russian military by the FBI. [5] On 10 May, 2022, the European Union condemned the attack targeting Viasat's KA-SAT network as a Russian operation. [6]

The Viasat hack led Ukraine to deem Starlink as a potential solution for communications amidst the war as Russia had damaged or destroyed other means to communicate and get Internet within the country.[7][8][9]

Viasat Analysis

According to Viasat, the attacker used a poorly configured virtual private network appliance to gain access to the trusted management part of the KA-SAT network.[10] The attackers then issued commands to overwrite part of the flash memory in modems, making them unable to access the network, but not permanently damaged.[10] The satellite itself and its ground infrastructure were not directly affected.[10]

References

  1. 1.0 1.1 Mott, Nathaniel (2022-03-12). "Report: NSA Investigates Viasat Hack That Coincided With Ukraine Invasion". PCMag. https://www.pcmag.com/news/report-nsa-investigates-viasat-hack-that-coincided-with-ukraine-invasion. 
  2. "Satellite outage knocks out thousands of Enercon's wind turbines". Reuters. 2022-02-28. https://www.reuters.com/business/energy/satellite-outage-knocks-out-control-enercon-wind-turbines-2022-02-28/. 
  3. Dan Goodin (31 March 2022). "Mystery solved in destructive attack that knocked out >10k Viasat modems". Ars Technica. https://arstechnica.com/information-technology/2022/03/mystery-solved-in-destructive-attack-that-knocked-out-10k-viasat-modems. 
  4. Guerrero-Saade, Juan Andres. "AcidRain: A Modem Wiper Rains Down on Europe". SentinelLabs. https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/. 
  5. "Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices". U.S. Department Of Justice. 23 May 2018. https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected. 
  6. "Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union". Council of the EU. https://www.consilium.europa.eu/en/press/press-releases/2022/05/10/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union/. 
  7. Sheetz, Michael (2022-02-28). "Viasat believes 'cyber event' is disrupting its satellite-internet service in Ukraine" (in en). https://www.cnbc.com/2022/02/28/ukraine-updates-viasat-says-cyber-event-disrupting-satellite-internet-service.html. 
  8. Elon Musk says SpaceX's Starlink satellites active over Ukraine after request from embattled country's leaders, The Independent (26 February 2022)
  9. Farrow, Ronan (2023-08-21). "Elon Musk’s Shadow Rule" (in en-US). The New Yorker. ISSN 0028-792X. https://www.newyorker.com/magazine/2023/08/28/elon-musks-shadow-rule. 
  10. 10.0 10.1 10.2 Vigliarolo, Brandon (2022-03-30). "Viasat spills on the Russian attack, warns of continued risks". The Register. https://www.theregister.com/2022/03/30/viasat_spills_on_russian_attack/. 

External links