The attack, which took place on February 24, affected tens of thousands of modems across Ukraine and Europe. The investigation into the incident revealed that attackers took advantage of a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network. They then used the network access to execute commands on a large number of residential modems that overwrote key data in flash memory on the modems, cutting off access to the network. At the end of March, security researchers at Sentinel One shared details on a new piece of destructive wiper malware targeting modems and routers that could be connected to the Viasat hack.
Viasat said that the attack destroyed “tens of thousands” of satellite terminals. The UK authorities noted in a statement that besides the Ukrainian military and civilian customers the hack also affected windfarms and internet users in central Europe.
“On 24 February, a cyber-attack against Viasat began approximately 1 hour before Russia launched its major invasion of Ukraine. Although the primary target is believed to have been the Ukrainian military, other customers were affected, including personal and commercial internet users. Wind farms in central Europe and internet users were also affected,” officials said.
In addition, the US authorities blamed Russia for a series of disruptive cyber operations, including website defacements, distributed denial-of-service (DDoS) attacks, and destructive data wiping cyberattacks that targeted computers of government and private entities.
“For example, the United States has assessed that Russian military cyber operators have deployed multiple families of destructive wiper malware, including WhisperGate, on Ukrainian Government and private sector networks. These disruptive cyber operations began in January 2022, prior to Russia’s illegal further invasion of Ukraine and have continued throughout the war,” the US State Department said.
“The European Union, working closely with its partners, is considering further steps to prevent, discourage, deter and respond to such malicious behaviour in cyberspace. The European Union will continue to provide coordinated political, financial and material support to Ukraine to strengthen its cyber resilience,” the EU said in a statement.
Cybersecurity Help statement on the critical situation in Ukraine
On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable, political ambitions of any man aren’t worth of blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Слава Україні!