Viasat Details KA-SAT Cyberattack that Affected Thousands of Modems in Ukraine
Viasat believes the cyberattack on its KA-SAT network last month that affected modems across Ukraine and Europe was “deliberate” and intended to interrupt service, the company said in a report on the attack issued Wednesday.
Viasat characterized the cyberattack on Feb. 24 as “multifaceted and deliberate.” It caused a partial interruption of KA-SAT’s consumer satellite broadband service. KA-SAT covers Europe and the Mediterranean region, and Viasat purchased the satellite, formerly owned by Eutelsat, last year when it purchased Eutelsat’s share of Euro Broadband Infrastructure.
Describing the attack, Viasat said malicious traffic was detected on modems in Ukraine in a targeted denial-of-service attack. The attack impacted a majority of the previously active modems within Ukraine, affecting several thousand customers, and a substantial number of additional modems in other parts of Europe, affecting tens of thousands of fixed broadband customers.
“Subsequent investigation and forensic analysis identified a ground-based network intrusion by an attacker exploiting a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network. The attacker moved laterally through this trusted management network to a specific network segment used to manage and operate the network, and then used this network access to execute legitimate, targeted management commands on a large number of residential modems simultaneously,” the company said.
This incident was localized to a single consumer-oriented partition of the KA-SAT network that is operated on Viasat’s behalf by Eutelsat subsidiary Skylogic. The residential broadband modems affected use the “Tooway” service brand.
The company said there is no evidence that the KA-SAT satellite or its ground infrastructure were directly involved, impaired or compromised. Also, the cyberattack did not impact Viasat’s directly managed mobility or government users on the KA-SAT satellite, or other Viasat users worldwide.
The operator said the network was mostly stabilized within hours and fully stabilized within several days. To restore service to customers, Viasat said some modems received over-the-air updates, and Viasat has shipped nearly 30,000 modems to distributors in cases when the updates were not sufficient. The company is working with distributors to restore service to all end users.
An investigation with third-party firm Mandiant, Eutelsat/Skylogic, and U.S. and international government agencies is ongoing, and Viasat did not speculate on the perpetrator.
Executive Chairman Mark Dankberg addressed the cyberattack last week during SATELLITE 2022. “We’re very sensitive to customers that have been disrupted, who we inherited, and we’re working fast to bring them on,” said Dankberg. “In the overall scheme of things, there will be worse cyberattacks if we’re not vigilant. It’s a constant battle. It’s part of what we do and we think we do it extremely well.”