 Malicious update anchored worst cyberattack of Ukraine war - Albuquerque Journal

By Frank Bajak / Associated Press

A malicious software update that crippled tens of thousands of modems across Europe anchored the cyberattack on a satellite network used by Ukraine’s government and military just as Russia invaded, the satellite owner disclosed Wednesday.

The owner, U.S.-based Viasat, provided details for the first time of how the most serious known cyberattack of the Russia-Ukraine war unfolded. The wide-ranging attack affected users from Poland to France, getting almost immediate notice by knocking off remote access to thousands of wind turbines in central Europe.

Viasat did not say in its statement who it believed was responsible for the attack. Ukrainian officials blame Russian hackers.

The Viasat attack, coming just as Russia was launching its invasion, was considered at the time by many a harbinger of serious cyberattacks that could extend beyond Ukraine. Such attacks haven’t yet materialized, though security researchers say the most impactful war-related cyber operations are likely occurring in the shadows, focused on intelligence-gathering.

A free-for-all of lesser attacks, many apparently carried out by volunteers, has been launched against both Russia and Ukraine. A persistent drumbeat of malicious hacking that Ukrainian officials and cybersecurity researchers blame on Russia-affiliated attackers has plagued Ukraine throughout the more than month-long conflict. One of the most serious hacks largely knocked offline the internet and cellular service of a major telecommunications company that serves the military, Ukrtelecom, for most of Monday.

On Wednesday, Google said it had identified a state-backed Russian hacking group engaged in a credential-phishing campaign targeting the militaries of multiple Eastern European countries and a NATO think tank. It said it did not know if any of the targets were successfully compromised.

The attack on the KA-SAT satellite network highlighted how vulnerable commercial satellite networks that serve both military and non-military clients can be, with the impact felt by individuals and businesses far from the battlefield.

It began in the early hours of Feb. 24 with a distributed denial-of-service onslaught that knocked a large number of modems offline. A destructive attack followed in which a malicious software command sent across the network rendered tens of thousands of modems across Europe inoperable by overwriting their internal memory, Viasat said. “We believe the purpose of the attack was to interrupt service,” it said.

It said it has shipped 30,000 replacement modems to affected customers across Europe, most of whom use the service for residential broadband internet access.

The attack caused a major loss in communications in Ukraine in the early hours of Russia’s invasion, top Ukrainian cybersecurity official Victor Zhora told reporters earlier this month. Asked by The Associated Press last week who was responsible, Zhora said, “We don’t need to attribute it since we have obvious evidence that it was organized by Russian hackers to disrupt connection between customers that use this satellite system.”

He said he did not have information on whether the service had been restored and could not say which Ukrainian agencies beyond the military were affected. Contracts show, however, that Zhora’s own agency, the State Service for Special Communications, is among customers that also include police agencies and municipalities. Viasat said “several thousand customers” located in Ukraine were impacted.

Viasat, based in Carlsbad, California, said the initial denial of service attack had emanated from modems inside Ukraine. It did not specify how the destructive malware entered the network other than to say a “misconfiguration” in a virtual private network appliance was compromised, allowing the attackers to gain remote access from the internet to a “trusted” management console used to administer the satellite network.

From there, the attackers were able to simultaneously send the destructive command to modems across Europe, rendering them useless but not permanently unusable, Viasat said.

It was not known how the attackers breached the VPN appliance. Satellite cybersecurity researcher Ruben Santamarta said it was important to know whether they had obtained credentials or exploited a known vulnerability. Viasat declined to provide specifics Wednesday, citing an ongoing investigation.

The ground-based network is run by Skylogic, an Italy-based subsidiary of Eutelsat, from which Viasat purchased the KA-SAT satellite in April of last year.

Viasat’s investigation of the attack was done by the U.S. cybersecurity firm Mandiant.

