WaPo: US Has Privately Attributed Hack of Viasat KA-SAT Ground Infrastructure to GRU

Viasat KA-SAT satellite. The satellite provides "internet coverage over much of Europe," per Viasat. Graphic via Viasat.
Viasat KA-SAT satellite. The satellite provides “internet coverage over much of Europe,” per Viasat. Graphic via Viasat.

US intelligence officials have attributed the hack of a satellite broadband service to the GRU, Russia’s largest military spy agency, the Washington Post reported Thursday. While its spooks may have reached a determination, the US government has not publicly attributed to Russian military hackers.

“We are concerned about the apparent use of cyber operations to disrupt communications systems in Ukraine and across Europe and affect businesses and individuals’ access to the Internet,” a National Security Council spokesperson told WaPo.

The FBI and US cyber agency CISA recently warned US SATCOM operators to step up their security posture and lower their threshold for incident reporting, due to elevated threat levels.

What say Ukraine?

Viktor Zhora, a senior Ukrainian cyber official, flatly told WaPo: “We don’t need to attribute it since we have obvious evidence that it was organized by Russian hackers to disrupt the connection between customers that use this satellite system.” Zhora pointed to the timing of the attack, which knocked satellite receivers offline shortly before Russian missiles started flying into Ukraine and forces started pouring over the Belarussian border. “It was a really huge loss in communications in the very beginning of war,” Zhora told Wired.

New details emerge

The attack on Viasat KA-SAT receivers likely disrupted Ukrainian military comms at the beginning of the war. Elite units of the Ukrainian military are using satellite networks to steer drones, among other things. And Zelenskyy is reportedly using a satphone to stay connected and communicate with the outside world.

Viasat, which has repeatedly referred to the incident as a “deliberate, isolated, and external cyber event,” is still working to restore connectivity in affected areas. The satellite operator is in the process of shipping new product to distribution partners so that customers can replace bricked hardware.

Size, scope, and scale

The attack has collateral damage far beyond Ukraine or the country’s armed forces. To wit: Thousands of wind turbines are still offline in Germany. Western intelligence agencies are probing the attack, and without elaborating, the NSA has confirmed it’s also looking into the breach.

Related Stories

Space Weapons Can’t Be Ignored by Private Industry 

The number of countries with counterspace weapons has doubled since 2018.


Space Force Chief Says Service is ‘Falling Behind’

Pentagon officials and lawmakers alike raised concerns on Tuesday that the Space Force’s $29.4B budget request for fiscal 2025 was not enough to keep pace with the growing space capabilities of China.


SpaceWERX Shares Tools to Help Industry Reach Phase III

SpaceWERX is looking at how to get companies out of the so-called “valley of death” by launching new programs to help companies make the leap from innovative demo missions to big-dollar programs of record.


Astrobotic Exploring National Security Tech Crossover

Astrobotic is looking to expand into the national security sector and pitching DoD on how some of its Moon landing tech could be used by troops here on Earth.