Viasat hack

From HandWiki
Short description: Cyber attack on US communications company Viasat
Viasat Hack; KA-Sat Attack
Part of Russian invasion of Ukraine
Location
Geostationary Earth Orbit and Ukraine
ActionRusso-Ukrainian cyberwarfare
Belligerents
  •  Russia
    • GRU
Commanders and leaders
  • Yuriy Shchyhol
  • Victor Zhora
Template:Infobox malware

The Viasat hack was a cyberattack against the satellite internet system of American communications company Viasat which affected their KA-SAT network. The hack happened on the day of Russia's invasion of Ukraine.[1] This was a hack in three stages and two events; gaining entry into a facility, uploading a malware to a satellite, and then having that satellite beam that signal back down to Earth, targeted at internet modems throughout Ukraine.[2][3][4] Collateral spillover did leak outside of the borders of Ukraine, impacting internet modems in Germany, Scandinavia, the United Kingdom, and elsewhere throughout Europe.

Events

On February 23, 2022, hackers targeted a VPN installation, in a Turin management center managed by Eutelsat, which provided network access to administrators and operators. The hackers gained access to management servers that gave them access to information about company’s modems. After a few hours, the hackers gained access to another server that delivered software updates to the modems which allowed them to deliver the novel wiper malware AcidRain.[5] Wiper malwares are designed to render their targets completely useless.

On 24 February, 2022, the day Russia invaded Ukraine, thousands of Viasat modems went offline.[6] The attack also caused the malfunction in the remote control of 5,800 Enercon wind turbines in Germany and disruptions to thousands of organizations across Europe.[7]

On 31 March, 2022, SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen announced the discovery of a new wiper malware codenamed AcidRain designed to permanently disable routers.[8] Viasat later confirmed that the AcidRain malware was used during the 'cyber event'.[9] AcidRain shares code with VPNFilter, a 2018 cyber operation against routers attributed to the Russian military by the FBI.[10]

On 10 May, 2022, the European Union, the United States, and the United Kingdom condemned the attack targeting Viasat's KA-SAT network as a Russian operation.[11][12][13]

See also

References

  1. Mott, Nathaniel (2022-03-12). "Report: NSA Investigates Viasat Hack That Coincided With Ukraine Invasion". PCMag. https://www.pcmag.com/news/report-nsa-investigates-viasat-hack-that-coincided-with-ukraine-invasion. 
  2. Vasquez, Christian (2023-08-10). "Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault" (in en-US). https://cyberscoop.com/viasat-ka-sat-hack-black-hat/. 
  3. Quiquet, François (2023-10-10). "An analysis of the Viasat cyber attack with the MITRE ATT&CK® framework" (in fr-FR). https://www.spacesecurity.info/an-analysis-of-the-viasat-cyber-attack-with-the-mitre-attck-framework/. 
  4. Poireault, Kevin (2023-05-09). "Five Takeaways From the Russian Cyber-Attack on Viasat’s Satellites" (in en-gb). https://www.infosecurity-magazine.com/news/takeaways-russian-cyberattack/. 
  5. Greig, Jonathan (11 August 2023). "NSA, Viasat say 2022 hack was two incidents; Russian sanctions resulted from investigation" (in en). https://therecord.media/viasat-hack-was-two-incidents-and-resulted-in-sanctions. 
  6. Burgess, Matt (23 March 2022). "A Mysterious Satellite Hack Has Victims Far Beyond Ukraine" (in en-US). Wired. ISSN 1059-1028. https://www.wired.com/story/viasat-internet-hack-ukraine-russia/. Retrieved 2024-07-17. 
  7. Sheahan, Maria; Steitz, Christoph; Rinke, Andreas (2022-02-28). "Satellite outage knocks out thousands of Enercon's wind turbines". Reuters. https://www.reuters.com/business/energy/satellite-outage-knocks-out-control-enercon-wind-turbines-2022-02-28/. 
  8. Goodin, Dan (31 March 2022). "Mystery solved in destructive attack that knocked out >10k Viasat modems". Ars Technica. https://arstechnica.com/information-technology/2022/03/mystery-solved-in-destructive-attack-that-knocked-out-10k-viasat-modems. 
  9. Guerrero-Saade, Juan Andres (31 March 2022). "AcidRain: A Modem Wiper Rains Down on Europe". SentinelLabs. https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/. 
  10. "Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices". U.S. Department Of Justice. 23 May 2018. https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected. 
  11. "Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union". Council of the EU. 10 May 2022. https://www.consilium.europa.eu/en/press/press-releases/2022/05/10/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union/. 
  12. "Attribution of Russia's Malicious Cyber Activity Against Ukraine" (in en). https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/. 
  13. "Russia behind cyber-attack with Europe-wide impact an hour before Ukraine invasion" (in en). https://www.gov.uk/government/news/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion. 

Template:Hacking in the 2020s



Retrieved from "https://handwiki.org/wiki/index.php?title=Viasat_hack&oldid=4226849"