BroadbandMilitary

WaPo: US Has Privately Attributed Hack of Viasat KA-SAT Ground Infrastructure to GRU

Viasat KA-SAT satellite. The satellite provides "internet coverage over much of Europe," per Viasat. Graphic via Viasat.
Viasat KA-SAT satellite. The satellite provides “internet coverage over much of Europe,” per Viasat. Graphic via Viasat.

US intelligence officials have attributed the hack of a satellite broadband service to the GRU, Russia’s largest military spy agency, the Washington Post reported Thursday. While its spooks may have reached a determination, the US government has not publicly attributed to Russian military hackers.


“We are concerned about the apparent use of cyber operations to disrupt communications systems in Ukraine and across Europe and affect businesses and individuals’ access to the Internet,” a National Security Council spokesperson told WaPo.


The FBI and US cyber agency CISA recently warned US SATCOM operators to step up their security posture and lower their threshold for incident reporting, due to elevated threat levels.

What say Ukraine?

Viktor Zhora, a senior Ukrainian cyber official, flatly told WaPo: “We don’t need to attribute it since we have obvious evidence that it was organized by Russian hackers to disrupt the connection between customers that use this satellite system.” Zhora pointed to the timing of the attack, which knocked satellite receivers offline shortly before Russian missiles started flying into Ukraine and forces started pouring over the Belarussian border. “It was a really huge loss in communications in the very beginning of war,” Zhora told Wired.

New details emerge

The attack on Viasat KA-SAT receivers likely disrupted Ukrainian military comms at the beginning of the war. Elite units of the Ukrainian military are using satellite networks to steer drones, among other things. And Zelenskyy is reportedly using a satphone to stay connected and communicate with the outside world.


Viasat, which has repeatedly referred to the incident as a “deliberate, isolated, and external cyber event,” is still working to restore connectivity in affected areas. The satellite operator is in the process of shipping new product to distribution partners so that customers can replace bricked hardware.

Size, scope, and scale

The attack has collateral damage far beyond Ukraine or the country’s armed forces. To wit: Thousands of wind turbines are still offline in Germany. Western intelligence agencies are probing the attack, and without elaborating, the NSA has confirmed it’s also looking into the breach.

Related Stories
Military

Our Top 10 National Security Space Takeaways For 2024

As commercial and scientific traffic picks up in space from actors around the world, the US military space community has spent 2024 making sure they’re prepared to secure the flourishing domain.

BroadbandBusinessLEOResearch

NGSO Fixed Satellite Service Spectrum Priority in the US: Payload Research 

Last month, the Federal Communications Commission (FCC) updated its spectrum sharing rules for Non-Geostationary (NGSO) Fixed Satellite Service (FSS) systems to establish quantified interference protection criteria for satellite systems based on their level of spectrum priority.   

MilitaryPolarisPolicy

Meet A New Face in the National Security Space Community

Rep.-elect Jeff Crank (R-CO) is excited about the future of space—especially, what he can do as a freshman lawmaker to help the commercial space community keep growing.

BusinessEOMilitary

Maxar and Satellogic Tag-Team EO Offering

The combined constellation gives governments the ability to gather insights on multiple geographies at once, while balancing image resolution and cost.