US intelligence officials have attributed the hack of a satellite broadband service to the GRU, Russia’s largest military spy agency, the Washington Post reported Thursday. While its spooks may have reached a determination, the US government has not publicly attributed to Russian military hackers.
“We are concerned about the apparent use of cyber operations to disrupt communications systems in Ukraine and across Europe and affect businesses and individuals’ access to the Internet,” a National Security Council spokesperson told WaPo.
The FBI and US cyber agency CISA recently warned US SATCOM operators to step up their security posture and lower their threshold for incident reporting, due to elevated threat levels.
What say Ukraine?
Viktor Zhora, a senior Ukrainian cyber official, flatly told WaPo: “We don’t need to attribute it since we have obvious evidence that it was organized by Russian hackers to disrupt the connection between customers that use this satellite system.” Zhora pointed to the timing of the attack, which knocked satellite receivers offline shortly before Russian missiles started flying into Ukraine and forces started pouring over the Belarussian border. “It was a really huge loss in communications in the very beginning of war,” Zhora told Wired.
New details emerge
The attack on Viasat KA-SAT receivers likely disrupted Ukrainian military comms at the beginning of the war. Elite units of the Ukrainian military are using satellite networks to steer drones, among other things. And Zelenskyy is reportedly using a satphone to stay connected and communicate with the outside world.
Viasat, which has repeatedly referred to the incident as a “deliberate, isolated, and external cyber event,” is still working to restore connectivity in affected areas. The satellite operator is in the process of shipping new product to distribution partners so that customers can replace bricked hardware.
Size, scope, and scale
The attack has collateral damage far beyond Ukraine or the country’s armed forces. To wit: Thousands of wind turbines are still offline in Germany. Western intelligence agencies are probing the attack, and without elaborating, the NSA has confirmed it’s also looking into the breach.