From Surf Wiki (app.surf) — the open knowledge base
Viasat hack
| Viasat Hack; KA-Sat Attack | ||
|---|---|---|
| Part of Russian invasion of Ukraine | ||
| Location: Geostationary Earth Orbit and Ukraine | ||
| Action: Russo-Ukrainian cyberwarfare | ||
| Russia | ||
| GRU | Ukraine | |
| SSSCIP | ||
| Viasat | ||
| Eutelsat | ||
| NSA | ||
| GCHQ | ||
| Yuriy Shchyhol, Victor Zhora | ||
| AcidRain | ||
| Wiper malware | ||
| Modem / Router firmware Flash memory eraser | ||
| Cyberwarfare cyberattack | ||
| VPNFilter | ||
| 15 March 2022 | ||
| Fancy Bear, Sandworm | ||
| 23-24 February 2022 | ||
| Eutelsat | ||
| 5.188.159.169 | ||
| Modem firmware / KA-SAT | ||
| MIPS architecture | ||
| SurfBeam2 | ||
| Standalone ELF binary | ||
| ELF 32-bit MIPS executable | ||
| Viasat/Skylogic management network | ||
| Compiled C/C/C++ |
The Viasat hack was a cyberattack against the satellite internet system of American communications company Viasat which affected their KA-SAT network. The hack happened on the day of Russia's invasion of Ukraine. The hack had three stages and two events: gaining entry into a facility, uploading malware to a satellite, and then having that satellite beam that signal back down to Earth, targeted at internet modems throughout Ukraine. Collateral effects spilled outside the borders of Ukraine, impacting internet modems in Germany, Scandinavia, the United Kingdom, and elsewhere throughout Europe.
On February 23, 2022, hackers targeted a VPN installation in a Turin management center managed by Eutelsat, which provided network access to administrators and operators. The hackers gained access to management servers that gave them access to information about the company's modems. After a few hours, the hackers gained access to another server that delivered software updates to the modems, which allowed them to deliver the novel wiper malware AcidRain. Wiper malware is designed to render its targets completely useless.
On 24 February, 2022, the day Russia invaded Ukraine, thousands of Viasat modems went offline. The attack also caused a malfunction in the remote control of 5,800 Enercon wind turbines in Germany and disruptions to thousands of organizations across Europe.
On 31 March, 2022, SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen announced the discovery of a new wiper malware codenamed AcidRain designed to permanently disable routers. Viasat later confirmed that the AcidRain malware was used during the 'cyber event'. AcidRain shares code with VPNFilter, a 2018 cyber operation against routers attributed to the Russian military by the FBI.
On 10 May, 2022, the European Union, the United States, and the United Kingdom condemned the attack targeting Viasat's KA-SAT network as a Russian operation.
- Cyberwarfare by Russia
- Russian sabotage operations in Europe
- KA-SAT Network cyber attack overview - from Viasat