A multi-faceted cyberattack at the onset of Russia’s war on Ukraine knocked out internet service for tens of thousands of satellite modems in Ukraine and elsewhere in Europe, the US-based telecommunications provider that owns the network said Wednesday.
It’s the most detailed public account yet of one of the most consequential hacks of the war. US officials are investigating the incident as a potential Russian state-sponsored cyberattack, CNN previously reported.
The hackers not only flooded the satellite modems owned by Viasat, a California-based firm, with traffic to knock them offline, but also used “destructive commands” to overwrite key data on the modems, Viasat said in its report – a sign of how intent the hackers were on disrupting service in Ukraine.
The hack occurred February 24 as the Russian military began their onslaught against Ukraine. A top Ukrainian cyber official, Victor Zhora, on March 15 called the hack “a really huge loss in communications in the very beginning of the war.”
Reuters first reported on the Viasat findings Wednesday.
Viasat has been working to respond to the hack in the weeks since. It has shipped nearly 30,000 modems to customers to get them back online, the firm said Wednesday.
“The nature of this and other ongoing attacks we routinely see are dynamic, and we’re constantly updating our tools and mitigations to ensure that the network is stable and secure,” a Viasat spokesperson told CNN.
The US government is still investigating the hack.
“We do not have an attribution to share at this time and are looking at this closely,” Saloni Sharma, spokesperson for the National Security Council, said in an email Wednesday. “As we have already said, we are concerned about the apparent use of cyber operations to disrupt communications systems in Ukraine and across Europe and affect businesses and individuals’ access to the Internet.”
Viasat hired US cybersecurity firm Mandiant to investigate the incident. Mandiant did not immediately respond to a request for comment.
The hack affected residential modems on Viasat’s KA-SAT satellite network, Viasat said Wednesday. “This cyber-attack did not impact Viasat’s directly managed mobility or government users on the KA-SAT satellite,” the firm added.
“It isn’t surprising that the effects of the attack were not limited to Viasat residential customers on Ukrainian territory,” Brian Kime, a vice president at cybersecurity firm ZeroFox, told CNN. “Collateral damage happens in all wars and, if this was directed by Putin’s government and successfully targeted government and military customers of Viasat, there easily could have been a similar impact on non-Ukrainian customers, including NATO members.”
The battle for communications during the war in Ukraine has made satellite owners and other telecommunications providers a prime target for hacking.
Triolan, an internet service provider with customers in key Ukrainian cities, said March 10 that a cyberattack had disrupted service and blamed “the enemy” in an apparent reference to Russia.
For their part, Ukrainian officials have encouraged volunteer hackers to hit Russian organizations involved in the war.