Hackers not only flooded satellite modems owned by California-based Viasat with traffic to knock them offline, but also used “destructive commands” to overwrite key data on the modems, Viasat said in its report – a sign of how determined the hackers were to disrupt service in Ukraine.
The hack took place on February 24 as the Russian military began its assault on Ukraine. On March 15, a senior Ukrainian cyberspace official, Victor Zhora, called the hack “a really huge loss in communications at the very beginning of the war.”
Viasat worked to respond to the hack in the weeks that followed. It has shipped nearly 30,000 modems to its customers to get them back online, the company said Wednesday.
“The nature of this attack and other ongoing attacks that we regularly see are dynamic, and we are constantly updating our tools and mitigations to ensure the network is stable and secure,” a Viasat spokesperson said. at CNN.
The US government is still investigating the hack.
“We have no attribution to share at this time and we are reviewing this closely,” National Security Council spokesperson Saloni Sharma said in an email Wednesday. “As we have said before, we are concerned about the apparent use of cyber operations to disrupt communication systems in Ukraine and across Europe and affect businesses’ and individuals’ access to the internet.”
Viasat hired US cybersecurity firm Mandiant to investigate the incident. Mandiant did not immediately respond to a request for comment.
The hack affected residential modems on Viasat’s KA-SAT satellite network, Viasat said on Wednesday. “This cyber-attack had no impact on mobility managed directly by Viasat or on government users of the KA-SAT satellite,” the company added.
“It is not surprising that the effects of the attack were not limited to residential Viasat customers on Ukrainian territory,” Brian Kime, vice president of cybersecurity firm ZeroFox, told CNN. “Collateral damage happens in all wars and, had this been led by Putin’s government and successfully targeted Viasat’s government and military customers, there could easily have been a similar impact on non-Ukrainian customers, including including members of NATO.
The battle for communications during the war in Ukraine has made satellite owners and other telecommunications providers a prime target for hacking.
Triolan, an internet service provider with customers in major Ukrainian cities, said on March 10 that a cyberattack had disrupted service and blamed “the enemy” in an apparent reference to Russia.
For their part, Ukrainian officials have encouraged willing hackers to hit Russian organizations involved in the war.