11 May 2022

US, UK, EU say Russia is responsible for large-scale Viasat outage


US, UK, EU say Russia is responsible for large-scale Viasat outage

The US, UK, the European Union, and allies formally accused Russia for a massive cyberattack that disrupted Viasat's KA-SAT satellite internet service an hour before Ukraine invasion.

The attack, which took place on February 24, affected tens of thousands of modems across Ukraine and Europe. The investigation into the incident revealed that attackers took advantage of a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network. They then used the network access to execute commands on a large number of residential modems that overwrote key data in flash memory on the modems, cutting off access to the network. At the end of March, security researchers at Sentinel One shared details on a new piece of destructive wiper malware targeting modems and routers that could be connected to the Viasat hack.

Viasat said that the attack destroyed “tens of thousands” of satellite terminals. The UK authorities noted in a statement that besides the Ukrainian military and civilian customers the hack also affected windfarms and internet users in central Europe.

“On 24 February, a cyber-attack against Viasat began approximately 1 hour before Russia launched its major invasion of Ukraine. Although the primary target is believed to have been the Ukrainian military, other customers were affected, including personal and commercial internet users. Wind farms in central Europe and internet users were also affected,” officials said.

In addition, the US authorities blamed Russia for a series of disruptive cyber operations, including website defacements, distributed denial-of-service (DDoS) attacks, and destructive data wiping cyberattacks that targeted computers of government and private entities.

“For example, the United States has assessed that Russian military cyber operators have deployed multiple families of destructive wiper malware, including WhisperGate, on Ukrainian Government and private sector networks. These disruptive cyber operations began in January 2022, prior to Russia’s illegal further invasion of Ukraine and have continued throughout the war,” the US State Department said.

“The European Union, working closely with its partners, is considering further steps to prevent, discourage, deter and respond to such malicious behaviour in cyberspace. The European Union will continue to provide coordinated political, financial and material support to Ukraine to strengthen its cyber resilience,” the EU said in a statement.

Cybersecurity Help statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable, political ambitions of any man aren’t worth of blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Слава Україні!


Back to the list

Latest Posts

Interpol arrests suspected leader of Nigerian cybercrime gang involved in BEC attacks

Interpol arrests suspected leader of Nigerian cybercrime gang involved in BEC attacks

The suspect registered 240 domains, 50 of which were used as command-and-control domains for the ISRStealer, Pony, and LokiBot malware.
26 May 2022
US automaker General Motors hit with credential stuffing attack

US automaker General Motors hit with credential stuffing attack

Social Security numbers and driver’s license details weren’t compromised, the company said.
25 May 2022
Popular Python and PHP libraries altered to steal AWS keys

Popular Python and PHP libraries altered to steal AWS keys

In both cases the attacker appears to have taken over packages that have not been updated in a while.
25 May 2022