BroadbandMilitary

WaPo: US Has Privately Attributed Hack of Viasat KA-SAT Ground Infrastructure to GRU

Viasat KA-SAT satellite. The satellite provides "internet coverage over much of Europe," per Viasat. Graphic via Viasat.
Viasat KA-SAT satellite. The satellite provides “internet coverage over much of Europe,” per Viasat. Graphic via Viasat.

US intelligence officials have attributed the hack of a satellite broadband service to the GRU, Russia’s largest military spy agency, the Washington Post reported Thursday. While its spooks may have reached a determination, the US government has not publicly attributed to Russian military hackers.


“We are concerned about the apparent use of cyber operations to disrupt communications systems in Ukraine and across Europe and affect businesses and individuals’ access to the Internet,” a National Security Council spokesperson told WaPo.


The FBI and US cyber agency CISA recently warned US SATCOM operators to step up their security posture and lower their threshold for incident reporting, due to elevated threat levels.

What say Ukraine?

Viktor Zhora, a senior Ukrainian cyber official, flatly told WaPo: “We don’t need to attribute it since we have obvious evidence that it was organized by Russian hackers to disrupt the connection between customers that use this satellite system.” Zhora pointed to the timing of the attack, which knocked satellite receivers offline shortly before Russian missiles started flying into Ukraine and forces started pouring over the Belarussian border. “It was a really huge loss in communications in the very beginning of war,” Zhora told Wired.

New details emerge

The attack on Viasat KA-SAT receivers likely disrupted Ukrainian military comms at the beginning of the war. Elite units of the Ukrainian military are using satellite networks to steer drones, among other things. And Zelenskyy is reportedly using a satphone to stay connected and communicate with the outside world.


Viasat, which has repeatedly referred to the incident as a “deliberate, isolated, and external cyber event,” is still working to restore connectivity in affected areas. The satellite operator is in the process of shipping new product to distribution partners so that customers can replace bricked hardware.

Size, scope, and scale

The attack has collateral damage far beyond Ukraine or the country’s armed forces. To wit: Thousands of wind turbines are still offline in Germany. Western intelligence agencies are probing the attack, and without elaborating, the NSA has confirmed it’s also looking into the breach.

Related Stories
BusinessMilitaryRockets

Ursa Major Wins New US Industrial Base Funding

The end goal is to produce 50 to 100 liquid-fueled rocket engines a year.

Military

Space Force Short on Money, People, Top Officer Says

The Space Force is not keeping pace with adversaries’ advancing capabilities—or meeting demand from the rest of the military for space services, according to a top officer.

LaunchMilitaryOSAM

True Anomaly Catches Firefly For Space Force RPO Launch

True Anomaly is building a spacecraft for VICTUS HAZE.

MilitaryStartups

Space Force Turns to TAP Labs To Bridge Tech Gaps

“TAP Lab has done an amazing job of bridging the Valley of Death in R&D.”