Viasat endured a cyber assault very last thirty day period that specific the firm’s satellite online network and affected residential modems in Ukraine.
In a blog site submit Wednesday, the U.S.-primarily based communications enterprise said the attack was limited to European consumers, like several thousand positioned in Ukraine. It referred to the attack, which occurred on Feb. 24 from its KA-SAT community, as “multifaceted and deliberate.”
When Viasat owns the KA-SAT network, it is operated by a Eutelsat subsidiary Skylogic. Viasat final yr obtained Eutelsat’s share of Euro Broadband Infrastructure and the KA-SAT community, but Viasat mentioned it has not taken complete regulate of the all the assets following the acquisition.
The assault, which was restricted to a consumer-targeted partition of the KA-SAT community, affected “several SurfBeam2 and SurfBeam 2+ modems and/or linked shopper premise machines (CPE) physically found inside Ukraine.” Viasat explained it has shipped nearly 30,000 alternative modems to distributors to restore services for customers.
Subsequently, Viasat enlisted the companies of incident reaction seller Mandiant, as it proceeds an investigation into the assault together with regulation enforcement and U.S. and worldwide governing administration companies. The network remained offline for several times, in accordance to the web site. Precautionary measures have been taken to “be certain other essential back-place of work applications and reporting/analytics solutions have been not impacted.”
Even though the ongoing investigation identified no evidence that user knowledge, individual machines or the KA-SAT satellite were compromised, it appears they attributed a motive.
“We believe the reason of the attack was to interrupt support,” the blog post explained.
Although Viasat did not mention Russia’s invasion of Ukraine in its assertion, the attack coincided with the get started of the invasion, and numerous other cyber attacks and malware campaigns from the place have been observed by both authorities businesses and security suppliers.
Viasat also disclosed the original assault vector was a misconfigured VPN equipment, which the attacker exploited to attain distant entry to the KA-SAT community. Vulnerabilities in VPNs have grow to be a well-known goal for menace actors, and previous federal government advisories have warned enterprises of the risk.
“Specifically, these damaging instructions overwrote important knowledge in flash memory on the modems, rendering the modems unable to accessibility the network, but not completely unusable,” the blog mentioned.
Viasat claimed it is however performing to carry clients again on line.
The enterprise said it simply cannot publicly provide precise specialized aspects on mitigation ways at this time, but that it is “leveraging classes discovered from the incident to increase the security characteristics of its goods.”
A Viasat spokesperson instructed SearchSecurity nations exterior of Ukraine have been affected by the cyber assault but could not share more information. “Modems ended up impacted in Ukraine and in other nations inside Europe. We simply cannot give particular specifics at this time,” the spokesperson mentioned.
When the likely for spillover attacks to other locations is unclear at this level, quite a few analysts and distributors have warned that assaults concentrating on Ukraine could affect the U.S. and other non-Russian allies.
One working day prior to the assault, the Cybersecurity and Infrastructure Stability Company introduced that Viasat joined CISA’s Increased Cybersecurity Expert services software as a new service supplier. 1 aim of the partnership was the potential to “give its clients with early warning against refined cyber attacks,” in accordance to the announcement.