{"id":1527,"date":"2023-08-10T23:50:39","date_gmt":"2023-08-10T23:50:39","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=76278"},"modified":"2023-08-10T23:50:39","modified_gmt":"2023-08-10T23:50:39","slug":"satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/08\/10\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault\/","title":{"rendered":"Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop<\/title> <meta name=\"description\" content=\"The satellite hack that took the world by storm was more complex than initially thought, according to a Viasat executive.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/viasat-ka-sat-hack-black-hat\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault\"> <meta property=\"og:description\" content=\"The satellite hack that took the world by storm was more complex than initially thought, according to a Viasat executive.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/viasat-ka-sat-hack-black-hat\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-08-10T23:50:39+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1200\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1691523982g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1690881885g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1690549404g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=008d053dcbaaeb47b822\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/76278\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=76278\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fviasat-ka-sat-hack-black-hat%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fviasat-ka-sat-hack-black-hat%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-76278 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/viasat-ka-sat-hack-black-hat\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.1875\">\n<div class=\"single-article__header-content\" readability=\"30.288461538462\">\n<p> The satellite hack that took the world by storm was more complex than initially thought, according to a Viasat executive. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"400\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault.jpg?resize=640%2C400&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault-1.jpg?resize=300,188 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault-1.jpg?resize=768,480 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault-1.jpg?resize=1024,640 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault-1.jpg?resize=1536,960 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault-1.jpg?resize=600,375 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault-1.jpg?resize=269,168 269w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault-1.jpg?resize=539,337 539w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault-1.jpg?resize=1080,675 1080w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/satellite-hack-on-eve-of-ukraine-war-was-a-coordinated-multi-pronged-assault-1.jpg?resize=1349,843 1349w\" sizes=\"(max-width: 1080px) 100vw, 1080px\"><figcaption> Spacecraft launch. Elements of this image furnished by NASA. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"48.214654282766\"><body readability=\"97.751155947877\"><\/p>\n<p>LAS VEGAS \u2014 The cyberattack that crippled satellite communications on the eve of the Ukraine war was more broad than initially understood and carried out by attackers with detailed knowledge of the compromised system, an executive with Viasat, whose modems were targeted in the attack, revealed during a talk Thursday at the Black Hat cybersecurity conference in Las Vegas. <\/p>\n<p>When hackers attacked Viasat as Russian forces prepared to stream across Ukraine\u2019s border, they relied on a piece of malware that wiped the contents of thousands of targeted modems. That component of the attack has been fairly well understood, but on Thursday, Mark Colaluca, vice president and chief information security officer at Viasat Corporate, revealed a second, previously unknown component of the attack and said that the company remains under assault. <\/p>\n<p>That secondary line of attack used \u201chighly technical knowledge of our network\u201d and the networking protocols it relies on to \u201ctarget specific terminals to not let them back on the network,\u201d Colaluca said. <\/p>\n<p>U.S. government and Ukrainian officials have blamed Russia for the attack on the Viasat KA-SAT network that shut down communications that Kyiv relied on for commanding troops and thousands of European used for internet access. And the secondary attack revealed on Thursday showed that once Russian hackers had disrupted internet access in the first place they used sophisticated methods to try and prevent it from being restored. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The attack on Viasat signaled that cyber operations would play a significant role in the war between Russia and Ukraine. After the U.S. blamed Moscow for <a href=\"https:\/\/www.state.gov\/attribution-of-russias-malicious-cyber-activity-against-ukraine\/\">hitting the Viasat network<\/a>, the Cybersecurity and Infrastructure Security Agency and the FBI <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa22-076a\">released an alert<\/a>, and the National Security Agency <a href=\"https:\/\/www.nsa.gov\/Press-Room\/News-Highlights\/Article\/Article\/2910409\/nsa-issues-recommendations-to-protect-vsat-communications\/\">released recommendations<\/a> to protect satellite communications. Meanwhile, cyber experts poured over the <a href=\"https:\/\/cyberscoop.com\/viasat-sentinelone-acidrain-vpnfilter\/\">wiper malware<\/a> dubbed Acid Rain used in the attack and the event has become something of clarion call for improving the cybersecurity of space systems.<\/p>\n<p>In his appearance on Thursday, Colaluca spoke alongside Kristina Walter, who leads the National Security Agency\u2019s efforts to protect the cybersecurity of the U.S. defense industrial base. Walter said that in the run-up to the invasion of Ukraine, her agency anticipated that defense contractors might be targeted for cyberattack, but an assault on a satellite internet provider caught the NSA by surprise. <\/p>\n<p>\u201cThis was not something we were expecting,\u201d she said. <\/p>\n<p>The KA-SAT satellite was launched in December 2010 and provides broadband internet and satellite television to Europe and parts of the Middle East. At the time of the attacks, the satellite communications network served between 110,000 to 120,000 modems with a mix of commercial, government clients and aviation customers, according to Colaluca.<\/p>\n<p>Around 6:00 p.m. on Feb. 23, 2022, one day before the invasion, an attacker made multiple attempts to log into a VPN that Viasat administrators used to access servers in northern Italy that control the satellite internet network. The attacker at first failed to break into the network but hours later found a credential that worked. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>With access to the computer system used to communicate with modems scattered throughout Europe and the Middle East, the attacker proceeded to send a piece of malware \u2014 dubbed Acid Rain \u2014 that left 40,000 to 45,000 modems inoperable. Ukrainian cybersecurity officials said the attack caused a \u201c<a href=\"https:\/\/cyberscoop.com\/viasat-hack-details-vpn-russia-ukraine\/\">huge loss in communications<\/a>\u201d at the start of the invasion.<\/p>\n<p>The second phase of the attack wasn\u2019t discovered until later. Not only did Russian hackers deploy the wiper malware, they also flooded Viasat servers with requests that quickly overwhelmed their networks. Viasat servers received more than 100,000 requests in a five minute time span. That meant that anytime a modem would get kicked off the network it couldn\u2019t reconnect because the server could not respond, Colaluca said. <\/p>\n<p>The hackers targeted specific terminals, but the company has not been able to determine exactly which modems were targeted. \u201cIt appeared to be that the attackers had specific targets in mind,\u201d Colaluca said.<\/p>\n<p>The attacks on Viasat systems persisted beyond February of last year. The network requests that crippled its server continued for several weeks after the date of the invasion, and over the past year the company has observed \u201cseveral incidents in the RF domain,\u201d Colaluca said, referring to the radio frequencies used by the company\u2019s satellite to communicate with its base stations. <\/p>\n<p>Colaluca would not provide details on what that radio frequency attack entailed but said that improvements in its security posture appeared to thwart the attack.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/viasat-ka-sat-hack-black-hat\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Satellite hack on eve of Ukraine war was a coordinated,<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[730,761,270,539,260,288,354,762],"tags":[734,763,276,542,266,294,358,764],"class_list":["post-1527","post","type-post","status-publish","format-standard","hentry","category-black-hat","category-national-security-agency","category-russia","category-satellite","category-space","category-threats","category-ukraine","category-viasat","tag-black-hat","tag-national-security-agency","tag-russia","tag-satellite","tag-space","tag-threats","tag-ukraine","tag-viasat"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/black-hat\/\" rel=\"category tag\">Black Hat<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-security-agency\/\" rel=\"category tag\">National Security Agency<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/satellite\/\" rel=\"category tag\">satellite<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/space\/\" rel=\"category tag\">space<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ukraine\/\" rel=\"category tag\">Ukraine<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/viasat\/\" rel=\"category tag\">Viasat<\/a>","tag_info":"Viasat","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1527"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1527\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}