Western intelligence agencies are investigating a cyberattack against Viasat’s satellite Internet network in the wake of Russia’s invasion of Ukraine to establish if it was a state-sponsored incident.
Reuters reports that analysts for the US National Security Agency, French government cybersecurity organization ANSSI, and Ukrainian intelligence are assessing whether an outage suffered by Viasat’s European satellite network was the work of Russian-state backed hackers preparing the battlefield by attempting to sever communications.
On the same day that Russia invaded Ukraine, Viasat began suffering issues with its KA-SAT network. The company later acknowledged that it was engaging with cybersecurity firms to investigate the issue the midst of a suspected cyberattack.
PaxEx.Aero reported at the time at least three ISPs have reported issues connecting to Viasat satellites – including Intv.cz and EUSANET – but suggested as many as six are affected. CSP Bigblu confirmed its network was suffering disruption as a result of the Viasat outage, as did Orange-owned Nordnet. A German wind turbine manufacturer said remote operation of more than 5,000 turbines had been impacted by the disruption.
More than two weeks later some remain offline, resellers told Reuters.
SpaceX’s Starlink network has reportedly been suffering signal jamming attacks in the region.
Viasat said in a statement that the disruption for customers in Ukraine and elsewhere was triggered by a "deliberate, isolated, and external cyber event" but has yet to provide a full explanation of the incident.
"The network is stabilized and we are restoring service and activating terminals as quickly as possible," company spokesperson Chris Phillips told Reuters, adding that the company was prioritizing "critical infrastructure and humanitarian assistance."
The Viasat official said a misconfiguration in the "management section" of the satellite network had allowed the hackers remote access into the modems, knocking them offline. He said most of the affected devices would need to be reprogrammed either by a technician on-site or at a repair depot and that some would have to be swapped out. The affected modems appeared to be completely inoperative.