Satellite interactions giant Viasat on Wednesday shared new details from its examination into the February cyberattack that took down service for broadband clients in Ukraine and throughout Europe. The company verified the “diverse and intentional” attack impacted “a number of thousand” consumers in Ukraine and tens of thousands of other repaired broadband customers throughout Europe.
The incident against Viasat’s KA-SAT network happened on Feb. 24, the same day that Russia got into Ukraine. According to Viasat’s incident summary, a targeted rejection of service attack was first discovered when high volumes of focused, harmful traffic made it difficult for many modems to remain online. The traffic emanated from a number of SurfBeam2 and SurfBeam 2+ modems and/or associated client property equipment physically situated within Ukraine.
“Our company believe the function of the attack was to disrupt service,” Viasat said. “There is no evidence that any end-user data was accessed or compromised, nor client individual devices (PCs, mobile phones, etc) was incorrectly accessed, nor is there any proof that the KA-SAT satellite itself or its supporting satellite ground infrastructure itself were directly included, impaired or compromised.”
The attack was localized to a single, consumer-oriented partition of the KA-SAT network run on Viasat’s behalf by a Eutelsat subsidiary, Skylogic. It didn’t impact Viasat’s directly managed movement or government users on the KA-SAT satellite, nor did it affect users on other Viasat networks.The investigation
and forensic analysis of the occasion determined a ground-based network invasion by an attacker who acquired remote access to the relied on management section of the KA-SAT network. The attack obviously handled to gain that access by making use of a misconfiguration in a VPN home appliance. The opponent utilized their network access to carry out legitimate, targeted management commands on a large number of property modems simultaneously.Viasat said that it’s still working with the wholesale distributors of its services to bring their clients back online. Some customer modems without delay got over-the-air updates, while other consumers are getting new modems totally. Viasat has actually currently delivered tens of thousands of replacement modems to distributors, the company said. The California-based company stated it’s dealing with Eutelsat/Skylogic, in addition to the cybersecurity company Mandiant and law enforcement and government agencies, to continue its investigation into the attack. Source
