On March 17th, CISA and the FBI issued a Joint Cybersecurity Advisory for the SATCOM ecosystem, following the cyberattack on the Viasat Satellite system. That same week, OODA Loop contributor Emilio Iasiello provided an analysis of satellite security in the context of overall cybersecurity:
“The cyber threat to satellites has been a longstanding concern and one that has, unfortunately, been mixed in with the myriad other cybersecurity issues facing the global community. As a result, it’s not surprising that satellite security has gotten lost in the shuffle, particularly given the need to prioritize and safeguard 16 critical infrastructure sectors.
But the recent Viasat attack shows the potential of what can happen when cyberspace and orbital space are intermingled, and while the Internet disruption will likely have a limited impact, it reveals how cyber attacks can be executed against these space assets to impact real-world operations. Satellites support several sectors and industries and contribute substantially to the global economy. Communications, Finance, Logistics, and Defense all rely on satellites to support their operations. Because of its increasing importance to sustain industries, the space sector as a whole is expected to be larger than oil in the next decade with an estimated worth of USD 3 trillion by 2050. Reliance on satellite functionality will only increase in the coming years.”
At the time of our initial coverage and Emilio’s analysis, the attack had not been officially attributed. On May 10th, Secretary of State Antony Blinken made the U.S. government’s official attribution public:
“Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyberattacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries. The activity disabled very small aperture terminals in Ukraine and across Europe. This includes tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens.”
🌎🤝We join our global allies & partners in support of a secure cyberspace. Today’s series of announcements reinforces the need to keep our 🛡Shields-Up: https://t.co/noCFT0QNm8! https://t.co/6soMwuigC9
— Jen Easterly🛡️ (@CISAJen) May 10, 2022
Reuters covered the multiple statements made by E.U. government officials on the same day:
Russia was behind a massive cyberattack against a satellite internet network that took tens of thousands of modems offline at the onset of the Russia-Ukraine war, the United States, Britain, Canada, Estonia, and the European Union said on Tuesday. The digital assault against Viasat’s KA-SAT network in late February took place just as Russian armour pushed into Ukraine.
British Foreign Secretary Liz Truss called the satellite internet hack “deliberate and malicious” and the Council of the EU said it caused “indiscriminate communication outages” in Ukraine and several EU member states. The Viasat outage remains the most publicly visible cyberattack carried out since Russia’s invasion of Ukraine, in part because the hack had immediate knock-on consequences for satellite internet users across Europe and because the crippled modems often had to be replaced manually.
https://twitter.com/RidT/status/1524054379749421057
The precise consequences of the hack on the Ukrainian battlefield have not been made public, but government contracts reviewed by Reuters show that KA-SAT has provided internet connectivity to the Ukrainian military and police units. The satellite modem sabotage caused a “huge loss in communications in the very beginning of the war”, Ukrainian cybersecurity official Victor Zhora said in March.
“After those modems were knocked offline it wasn’t like you unplug them and plug them back in and reboot and they come back,” the U.S. National Security Agency’s Director of Cybersecurity Rob Joyce told Reuters on the sidelines of a cybersecurity conference on Tuesday. “That was the biggest single event,” said Joyce. “It certainly had new and novel tradecraft, but there have been multiple attacks.”
The satellite modem-wrecking cyberattack remains the most visible hack of the war, but many others have taken place since and not all of them have been made public. (1)
In March, Viasat released an analysis of the incident: KA-SAT Network cyber attack overview | Viasat.
EU attributes cyberoperations targeting the KA-SAT network iterated by US company Viasat to Russia.
The attribution statement ticks many cyber diplomacy boxes:
✅️ reference to cyber norms
✅️ specify which norm was violated (prohibition of targeting/1 https://t.co/tHFUzHMPrz
— Alexandra Paulus @alexandrapaulus.bsky.social (@ale_paulus) May 10, 2022
US-CERT AA22-076A was originally released on March 17th but was last revised on May 10th due to the official attribution. Overall, the attribution further validates the need for U.S. organizations to prepare for potential Russian cyberattacks.
CISA and the FBI strongly encourage critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the following mitigations:
All organizations should report incidents and anomalous activity to CISA 24/7 Operations Center at [email protected] or (888) 282-0870 and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected].