Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say

11 March (Reuters) According to three persons with direct knowledge of the situation, Western intelligence agencies are looking into a cyberattack by unidentified hackers that crippled broadband satellite internet connection in Ukraine at the same time as Russia’s incursion.

Analysts for the French government cybersecurity agency ANSSI, the Ukrainian intelligence service, and the U.S. National Security Agency are evaluating whether the remote sabotage of a satellite internet provider’s service was carried out by Russian-state-backed hackers attempting to cut off communications to prepare the battlefield.

On February 24, between 5 and 9 a.m., the digital blitz on the satellite service commenced as Russian forces entered Ukraine and began shooting missiles, impacting major Ukrainian cities including the capital, Kyiv.

According to a representative of the American telecommunications company Viasat, which controls the impacted network, satellite modems belonging to tens of thousands of users in Europe were taken offline as a result of the incident.

Current updates

Mayor: Kyiv’s overnight strikes result in power and heating interruptions.
Officials claim that Russian drones attack crucial infrastructure in and around Kyiv, targeting it as a target for attacks.
Ukraine shells Makiivka, striking military barracks, according to officials, and the Telegraph claims that UK’s Sunak suspends childcare reform indefinitely.

Some clients across Europe, including Ukraine, have internet connectivity from Viasat Inc.’s KA-SAT satellite, which was blocked by the hackers. Some are still offline more than two weeks later, resellers told Reuters.

Due to Viasat’s role as a defense contractor for the United States and its allies, what seems to be one of the most serious wartime cyberattacks officially documented thus far has caught the attention of Western intelligence.

According to government contracts examined by Reuters, KA-SAT has given Ukrainian military and police forces internet connectivity.

According to Pablo Breuer, a former SOCOM technician for the United States, cutting off satellite internet connectivity could make it more difficult for Ukraine to defend itself against Russian forces.

“The range of conventional land-based radios is limited. You must rely on these satellites if you’re deploying contemporary smart systems, smart weapons, and trying to perform combined arms movements “Breuer remarked.

When contacted for comment, the Russian Embassy in Washington did not respond right away. Moscow has consistently denied claims that it takes part in cyberattacks.

In what the Kremlin refers to as a “de-Nazification” campaign, the Russian military has surrounded Ukrainian cities. The West has condemned this as an unprovoked attack and has imposed harsh penalties against Moscow as a result. View More

MODELS INEFFICIENT

Viasat claimed in a statement that a “deliberate, isolated and external cyber event” was to blame for the disruption for clients in Ukraine and elsewhere, but the company has not yet offered a thorough, open justification.

In an email, business representative Chris Phillips said, “The network has stabilized and we are restoring service and activating terminals as rapidly as possible.” He added that the company was giving priority to “essential infrastructure and humanitarian assistance.”

Managing director of the Czech telecoms firm INTV, Jaroslav Strategy, said that the impacted modems appeared to be fully inoperative. He claimed that normally, the SurfBeam 2 modems’ four status lights would show whether they were online or not. The lights on the Viasat-made equipment would not switch on at all following the attack.

The Viasat representative claimed that a bug in the satellite network’s “administration section” had given the hackers remote access to the modems, forcing them offline. He claimed that some of the impacted devices would need to be replaced and that the majority of them would need to be reprogrammed, either on-site or at a repair facility.

The Viasat representative declined to provide any information and was evasive when asked what the “management part” of the network meant. A Eutelsat subsidiary continues to run KA-SAT and its related ground stations, which Viasat acquired from the European firm Eutelsat last year.

Questions were forwarded to Viasat through Eutelsat.

According to two persons with knowledge of the situation, Viasat has hired the American cybersecurity company Mandiant to look into the infiltration. Mandiant specializes in finding state-sponsored hackers.

Mandiant, ANSSI, and the NSA’s spokespeople all declined to comment.

Government customers who directly purchased services from Viasat, according to the corporation, were unaffected by the outage. However, a third firm manages the KA-SAT network and contracts out service via a number of distributors.

According to contracts published on ProZorro, a Ukrainian transparency portal, the military and security services of Ukraine have purchased a number of various communications equipment that utilize the Viasat network during the previous few years.

The Ukrainian military did not immediately respond to a message requesting comment.

Some online vendors are still holding off on replacing their hardware.

The Czech telecom chief, Strategy, claimed Viasat was not at fault.

On the morning of the invasion, when he arrived at work, a monitor displayed regional satellite coverage in the Czech Republic, neighboring Slovakia, and Ukraine, all of which were highlighted in red.

“What happened was immediately evident,” he stated.

 

 

Related Posts