BroadbandMilitary

WaPo: US Has Privately Attributed Hack of Viasat KA-SAT Ground Infrastructure to GRU

By Ryan Duffy
Share
Viasat KA-SAT satellite. The satellite provides "internet coverage over much of Europe," per Viasat. Graphic via Viasat.
Viasat KA-SAT satellite. The satellite provides “internet coverage over much of Europe,” per Viasat. Graphic via Viasat.

US intelligence officials have attributed the hack of a satellite broadband service to the GRU, Russia’s largest military spy agency, the Washington Post reported Thursday. While its spooks may have reached a determination, the US government has not publicly attributed to Russian military hackers.


“We are concerned about the apparent use of cyber operations to disrupt communications systems in Ukraine and across Europe and affect businesses and individuals’ access to the Internet,” a National Security Council spokesperson told WaPo.


The FBI and US cyber agency CISA recently warned US SATCOM operators to step up their security posture and lower their threshold for incident reporting, due to elevated threat levels.

What say Ukraine?

Viktor Zhora, a senior Ukrainian cyber official, flatly told WaPo: “We don’t need to attribute it since we have obvious evidence that it was organized by Russian hackers to disrupt the connection between customers that use this satellite system.” Zhora pointed to the timing of the attack, which knocked satellite receivers offline shortly before Russian missiles started flying into Ukraine and forces started pouring over the Belarussian border. “It was a really huge loss in communications in the very beginning of war,” Zhora told Wired.

New details emerge

The attack on Viasat KA-SAT receivers likely disrupted Ukrainian military comms at the beginning of the war. Elite units of the Ukrainian military are using satellite networks to steer drones, among other things. And Zelenskyy is reportedly using a satphone to stay connected and communicate with the outside world.


Viasat, which has repeatedly referred to the incident as a “deliberate, isolated, and external cyber event,” is still working to restore connectivity in affected areas. The satellite operator is in the process of shipping new product to distribution partners so that customers can replace bricked hardware.

Size, scope, and scale

The attack has collateral damage far beyond Ukraine or the country’s armed forces. To wit: Thousands of wind turbines are still offline in Germany. Western intelligence agencies are probing the attack, and without elaborating, the NSA has confirmed it’s also looking into the breach.

Share

Upcoming Events

Return Home
Related Stories
BusinessMilitaryTechnology

Anduril wins $99.7M Contract to Modernize SPACECOM 

Lattice uses machine learning and AI models to help operators track objects in space, giving SPACECOM a more resilient space surveillance tool.

InternationalMilitary

First Dutch Military EO Sat to Launch in 2027

The spacecraft will host a laser communications terminal and a set of optical sensors to provide Dutch defense forces with a sovereign space-borne intelligence-gathering capability.

BusinessMilitary

Voyager Is Trying to Right-Size National Security Space

There are three major areas where Voyager is investing in national security space: Solid rockets, intelligence, and satellite payloads.

Military

Five Companies Join DoD Info Sharing Network

In addition to the five companies, the cell is in the process of adding two additional companies, which is expected to bring the total membership to 17 by early 2025.