LED lights and toy figures appear in front of the displayed binary code and the words “cyber attack” in this July 5, 2021 illustration. REUTERS/Dado Ruvic/Illustration
March 12, 2022
By James Pearson, Raphael Satter, Christopher Bing and Joel Schectman
(Reuters) – Western intelligence agencies are investigating a cyberattack by unidentified hackers that disrupted broadband satellite internet access in Ukraine at the same time as the invasion of Russia, according to three people with direct knowledge of the incident.
Analysts from the US National Security Agency, French cybersecurity organization ANSSI and Ukraine’s secret service are looking into whether the remote sabotage of a satellite internet provider’s service was the work of Russian state-backed hackers preparing the battlefield by attempting to disrupt communications.
The digital attack on the satellite service began between 5 a.m. and 9 a.m. on February 24, just as Russian forces began to invade and launch rockets that hit major Ukrainian cities, including the capital Kyiv.
The fallout is still being investigated, but satellite modems belonging to tens of thousands of customers in Europe have been taken offline, according to an official at US telecoms company Viasat, which owns the affected network.
The hackers disabled modems that communicate with Viasat Inc’s KA-SAT satellite, which provides Internet access to some customers in Europe, including Ukraine. More than two weeks later, some remain offline, resellers told Reuters.
What appears to be one of the most significant wartime cyberattacks publicly reported so far has attracted the interest of Western intelligence agencies, as Viasat acts as an arms supplier to both the United States and several allies.
Government contracts reviewed by Reuters show KA-SAT has provided internet connectivity to Ukrainian military and police units.
Pablo Breuer, a former US Special Operations Command (SOCOM) technologist, said that turning off satellite internet connectivity could affect Ukraine’s ability to fight Russian forces.
“Traditional land-based radios only go so far. If you’re using modern intelligent systems and smart weapons and trying to perform combined arms maneuvers, you have to rely on these satellites,” Breuer said.
The Russian Embassy in Washington did not immediately respond with a request for comment. Moscow has repeatedly denied allegations of involvement in cyber attacks.
Russian soldiers have besieged Ukrainian cities in what the Kremlin has dubbed “denazification,” an operation that has been denounced by the West as an unprovoked attack and resulted in heavy sanctions being imposed on Moscow as punishment.
MODEMS NOT FUNCTIONAL
Viasat said in a statement that the disruption to customers in Ukraine and elsewhere was triggered by a “deliberate, isolated and external cyber event,” but has yet to provide a detailed, public explanation of what happened.
“The network is stabilized and we are restoring service and activating terminals as soon as possible,” spokesman Chris Phillips said in an email, adding that the company is prioritizing “critical infrastructure and humanitarian assistance.”
According to Jaroslav Stritecky, head of the Czech telecommunications company INTV, the affected modems appeared to be completely non-functional. Normally, he said, the four status lights on the curved SurfBeam 2 modems would show if they were connected to the internet. After the attack, the lights on devices manufactured by Viasat did not come on at all.
The Viasat official said a misconfiguration in the “management” section of the satellite network allowed the hackers to remotely access the modems and take them offline. Most affected devices would need to be reprogrammed and partially replaced by either an on-site technician or a repair shop.
The Viasat official did not specify what the network’s “administrative section” was referring to and declined to give further details. KA-SAT and its associated ground stations, which Viasat bought from European company Eutelsat last year, are still operated by a Eutelsat subsidiary.
Eutelsat referred questions back to Viasat.
Viasat hired US cybersecurity firm Mandiant, which specializes in tracking state-sponsored hackers, to investigate the break-in, according to two people familiar with the matter.
NSA, ANSSI and Mandiant spokesmen declined to comment.
Viasat said government customers who source services directly from the company are unaffected by the disruption. However, the KA-SAT network is operated by a third party, which in turn outsources the service through various distributors.
In recent years, Ukraine’s military and security services have purchased several different communications systems running on Viasat’s network, according to contracts published on ProZorro, a Ukrainian transparency platform.
A message seeking comment from the Ukrainian military was not immediately answered.
Some internet distributors are still waiting to replace their devices.
Strietecky, the Czech telecom manager, said he didn’t blame Viasat.
He recalled arriving at work on the morning of the invasion and seeing a monitor showing regional satellite coverage in the Czech Republic, neighboring Slovakia and Ukraine in all red.
“It was immediately clear what happened,” he said.
(Reporting by James Pearson, Raphael Satter, Christopher Bing and Joel Schectman; Editing by Chris Sanders and Grant McCool)
https://www.oann.com/exclusive-u-s-spy-agency-probes-sabotage-of-satellite-internet-during-russian-invasion-sources/?utm_source=rss&utm_medium=rss&utm_campaign=exclusive-u-s-spy-agency-probes-sabotage-of-satellite-internet-during-russian-invasion-sources Exclusive US Spy Agency Investigates Satellite Internet Sabotage During Russian Invasion Sources