The largest cyber attack since the beginning of the war in Ukraine
The Ka-Sat satellite is in orbit more than 35 thousand kilometers above the Earth. Traveling at over 11,000 kilometers per hour, in sync with the rotation of the planet, it provides high-speed internet throughout Europe. Since 2011, it has been helping homeowners, businesses and the military navigate online. However, when Russian troops entered Ukraine in the early hours of February 24, satellite internet connections were cut off. A mysterious cyber attack on the satellite's ground infrastructure - and not the satellite itself - sent tens of thousands offline.
Among them were parts of Ukraine's defenses. "There was a really huge loss in communications right at the start of the war," Viktor Zhora, a senior official of the Ukrainian cyber security agency, the State Special Communications and Security Services, said two weeks later. information (Ssscip). Zhora did not provide further details, and SSSCIP did not respond to sportsgaming.win UK's request for comment. But the attack on the satellite internet system, which has been owned by the US company Viasat since last year, has had even wider ramifications: across Europe, from Poland to France, users using satellite internet connections have gone offline.
Almost a month after the attack, the uneasiness continues. Thousands of people are still disconnected across Europe (in Germany, for example, around 2,000 wind turbines are still disconnected from the internet), while companies are rushing to replace broken modems or repair connections thanks to updates. Several intelligence agencies, including those in the United States and Europe, are investigating the attack. The one suffered by Viasat was arguably the largest public-domain cyberattack since Russia invaded Ukraine, and what makes it different from the rest is the fact that its impact goes beyond Ukraine's borders. In addition, despite experts' suspicions, there are unanswered questions regarding the details of the attack, its purpose and who perpetrated it.
How Tor is helping Russians who want to surf the internet uncensored anonymous connections project has launched a series of programs to provide bandwidth and secure connectivity to those living in Ukraine and Russia Read the article Satellite internet connections are often widespread in areas with low cable coverage and are used by ordinary citizens and by official organizations. They have a different configuration than the classic wi-fi networks found in homes or offices, based mainly on wired broadband connections. "Satellite communications are made up of three main components," says Laetitia Cesari Zarkan, a consultant at the United Nations Disarmament Research Institute who is pursuing a doctorate at the University of Luxembourg. First, there is a spacecraft in orbit, used to send beams that can provide internet coverage to specific areas on the ground. These rays are then picked up by parabolic antennas on the ground, which can be found on the sides of buildings, but also on airplanes, to ensure wi-fi connection during flights. Finally, there are ground networks, which can configure users' systems and communicate with them: "The ground network is a set of stations connected to the internet by fiber optic cables," explains Zarkan.
Beyond Zhora's comment, the Ukrainian government remained silent about the attack. However, it appears that satellite communications, also known as satcoms, are used frequently in the country. Ukraine has the most transparent system in the world when it comes to tracking government spending, and several government contracts show how the SSSCIP and the Ukrainian police bought the technology. For example, during the 2012 Ukrainian elections more than 12,000 satellite internet connection points were used to monitor the vote, as revealed by official documents identified by the European cybersecurity company Sekoia.io.
The attack on Viasat "To interrupt satellite communications, most people - myself included - would turn their attention to the signal in space, because it is exposed - explains Peter Lemme, an aviation specialist who also deals with satellite communications -. It's possible transmit signals to the satellite capable of disturbing its ability to receive signals from modems ". Elon Musk claimed that the Starlink satellite systems he sent to Ukraine suffered such attacks, known as jamming.
However, the attack on Viasat may not have been a case of jamming. According to Viasat spokesman Chris Phillips it was a "deliberate, isolated and external cyber event". The attack only affected broadband customers and caused no disruption to airlines or Viasat's US government customers, the company reports, adding that no customer data was affected. However, the users' modems were unable to connect to the network, and were "rendered unusable".
See more Choose the sportsgaming.win newsletters you want to receive and subscribe! Weekly news and commentary on conflicts in the digital world, sustainability or gender equality. The best of innovation every day. It's our new newsletters: innovation just a click away.
Arrow Viasat president Mark Dankberg said at a conference on Tuesday 22 March that the company bought Ka-Sat in Europe last year, and that its customer base is still managed by a third party as part of the transition, confirming that thousands of modems have been taken offline.
"To date there is no evidence of damage to the Ka-Sat satellite, core network infrastructure or gateways as a result of this incident," Phillips added in a statement. Viasat claims that the cyberattack occurred due to a misconfiguration in a "management section" of its network, as reported by Reuters. The company refused to provide further technical details regarding the incident, citing the ongoing investigation as a reason. The company claims to be focused on restoring from partial disruption.
Suspicions about Russia WiredLeaks, how to send us an anonymous report Read the article No government has officially attributed the attack to Russia, despite speculation that the country could have caused the incident to disrupt communications in Ukraine. On Monday, March 21, Dankberg told the CNBC television channel that he could not confirm that Russia was behind the attack, and that it would be up to governments to point out who is responsible. However, it is rare for governments to attribute cyberattacks to a specific country or actor in any short time, as investigations are complex and take time to complete.
However, Western officials argue that the attack would be in line with Russia's mode of action: "If in the end [the attack, ed.] were to be attributed to Russia, it would be very much in line with what we expect them to do, which is to use their IT skills to support their military campaign, "Western officials told reporters at a briefing last week. The United States National Security Agency (NSA) and Anssi, the French cybersecurity agency, are investigating the attack. In the United States, the FBI has issued a warning with the Cyber and Infrastructure Security Agency (CISA) about potential attacks on satcoms.
Threats from satcoms attacks are not a new phenomenon. In 2014, security researcher Ruben Santamarta published research showing the many ways in which satellite communications can potentially be breached. In 2018, Santamarta's follow-up research demonstrated how that would be possible, with an in-depth look at satellite systems in military settings. According to Santamarta it is possible that the attackers in the Viasat case - although their identity and motive are unknown - may have distributed a firmware update that sabotaged the company's customer modems.
Spread across the board. oil While many of the details about the Viasat breach are still unclear (several independent cybesecurity researchers are examining the code on blocked modems), the effects have been widely felt. The cyberattack appears to be a notable example of a "spillover," an attack that spreads, intentionally or accidentally, beyond its original target. In the months leading up to the Russian invasion of Ukraine, cybersecurity experts and governments had reported that spillover damage posed a serious international threat. In June 2017, for example, the Russian NotPetya worm spread beyond its original targets in Ukraine, causing more than $ 10 billion in damage worldwide.
Europe tries to block the "spillover" ”Of cyber attacks from the war in Ukraine Data from the European Cybersecurity Agency: threats increase but for now the contagion has not been significant. And on the blocking of technologies from Russia, the choice is left to the states. The interview of sportsgaming.win with the director of Enisa Read the article The impact of the attack on Viasat seems particularly extensive. The services of satellite internet operators in Germany, the UK, France, the Czech Republic and other countries were affected by the outage. Users of a forum on satellite internet connections reported problems as far as Morocco: "It is difficult to go a week without internet, but if there is no alternative access, you can only wait", complained one user in Poland. The European Union Cyber Security Agency, which is investigating the incident, reported that it was aware of 27,000 users affected by the outage, a figure first reported by sportsgaming.win Italy.
With one of the first signs of the attack, more than 5,800 wind turbines belonging to the German energy company Enercon have been taken offline. The turbines continued to operate, but the attack meant that they could not be reset remotely in the event of a failure, explains Enercon spokesman Felix Rehwald. So far, Enercon has managed to get forty percent of the affected turbines back online and the company's teams are replacing satellite modems: "We don't believe [the attack, ed.] Was aimed at us or our customers. 'collateral damage' ", adds Rehwald.
Presumably it will take longer to recover from the attack. Viasat claims it is getting hundreds of customers back online every day and providing new modems or making software updates available that can remotely repair systems. Jaroslav Stritecky, chief executive of Czech internet provider Intv, says the company has contacted all of its satcom customers to see if they need new modems, and will likely need to replace most of those affected. According to Stritecky, the work could be completed by the end of March: "The question is whether there are enough new modems for everyone," he adds.
So far, satellites have played an important role during the war in Ukraine . They were used to capture information on the movements of Russian troops, representing an essential communication channel for the population. However, the attack could also raise legal issues. As Almudena Azcárate Ortega, an associate researcher at the United Nations Disarmament Research Institute points out, since they are used for both civilian and military purposes by multiple countries, satellite systems can find themselves in a complex situation from the point of view of the international law.
"If you target a satellite that provides certain services to a specific country involved in a conflict, there is also the possibility that a neutral country will be deprived of the services that the same satellite provides, thus violating the rule of neutrality - explains Ortega -. The attacks on these infrastructures can also have repercussions on civilians ".
This article originally appeared on sportsgaming.win UK.
Among them were parts of Ukraine's defenses. "There was a really huge loss in communications right at the start of the war," Viktor Zhora, a senior official of the Ukrainian cyber security agency, the State Special Communications and Security Services, said two weeks later. information (Ssscip). Zhora did not provide further details, and SSSCIP did not respond to sportsgaming.win UK's request for comment. But the attack on the satellite internet system, which has been owned by the US company Viasat since last year, has had even wider ramifications: across Europe, from Poland to France, users using satellite internet connections have gone offline.
Almost a month after the attack, the uneasiness continues. Thousands of people are still disconnected across Europe (in Germany, for example, around 2,000 wind turbines are still disconnected from the internet), while companies are rushing to replace broken modems or repair connections thanks to updates. Several intelligence agencies, including those in the United States and Europe, are investigating the attack. The one suffered by Viasat was arguably the largest public-domain cyberattack since Russia invaded Ukraine, and what makes it different from the rest is the fact that its impact goes beyond Ukraine's borders. In addition, despite experts' suspicions, there are unanswered questions regarding the details of the attack, its purpose and who perpetrated it.
How Tor is helping Russians who want to surf the internet uncensored anonymous connections project has launched a series of programs to provide bandwidth and secure connectivity to those living in Ukraine and Russia Read the article Satellite internet connections are often widespread in areas with low cable coverage and are used by ordinary citizens and by official organizations. They have a different configuration than the classic wi-fi networks found in homes or offices, based mainly on wired broadband connections. "Satellite communications are made up of three main components," says Laetitia Cesari Zarkan, a consultant at the United Nations Disarmament Research Institute who is pursuing a doctorate at the University of Luxembourg. First, there is a spacecraft in orbit, used to send beams that can provide internet coverage to specific areas on the ground. These rays are then picked up by parabolic antennas on the ground, which can be found on the sides of buildings, but also on airplanes, to ensure wi-fi connection during flights. Finally, there are ground networks, which can configure users' systems and communicate with them: "The ground network is a set of stations connected to the internet by fiber optic cables," explains Zarkan.
Beyond Zhora's comment, the Ukrainian government remained silent about the attack. However, it appears that satellite communications, also known as satcoms, are used frequently in the country. Ukraine has the most transparent system in the world when it comes to tracking government spending, and several government contracts show how the SSSCIP and the Ukrainian police bought the technology. For example, during the 2012 Ukrainian elections more than 12,000 satellite internet connection points were used to monitor the vote, as revealed by official documents identified by the European cybersecurity company Sekoia.io.
The attack on Viasat "To interrupt satellite communications, most people - myself included - would turn their attention to the signal in space, because it is exposed - explains Peter Lemme, an aviation specialist who also deals with satellite communications -. It's possible transmit signals to the satellite capable of disturbing its ability to receive signals from modems ". Elon Musk claimed that the Starlink satellite systems he sent to Ukraine suffered such attacks, known as jamming.
However, the attack on Viasat may not have been a case of jamming. According to Viasat spokesman Chris Phillips it was a "deliberate, isolated and external cyber event". The attack only affected broadband customers and caused no disruption to airlines or Viasat's US government customers, the company reports, adding that no customer data was affected. However, the users' modems were unable to connect to the network, and were "rendered unusable".
See more Choose the sportsgaming.win newsletters you want to receive and subscribe! Weekly news and commentary on conflicts in the digital world, sustainability or gender equality. The best of innovation every day. It's our new newsletters: innovation just a click away.
Arrow Viasat president Mark Dankberg said at a conference on Tuesday 22 March that the company bought Ka-Sat in Europe last year, and that its customer base is still managed by a third party as part of the transition, confirming that thousands of modems have been taken offline.
"To date there is no evidence of damage to the Ka-Sat satellite, core network infrastructure or gateways as a result of this incident," Phillips added in a statement. Viasat claims that the cyberattack occurred due to a misconfiguration in a "management section" of its network, as reported by Reuters. The company refused to provide further technical details regarding the incident, citing the ongoing investigation as a reason. The company claims to be focused on restoring from partial disruption.
Suspicions about Russia WiredLeaks, how to send us an anonymous report Read the article No government has officially attributed the attack to Russia, despite speculation that the country could have caused the incident to disrupt communications in Ukraine. On Monday, March 21, Dankberg told the CNBC television channel that he could not confirm that Russia was behind the attack, and that it would be up to governments to point out who is responsible. However, it is rare for governments to attribute cyberattacks to a specific country or actor in any short time, as investigations are complex and take time to complete.
However, Western officials argue that the attack would be in line with Russia's mode of action: "If in the end [the attack, ed.] were to be attributed to Russia, it would be very much in line with what we expect them to do, which is to use their IT skills to support their military campaign, "Western officials told reporters at a briefing last week. The United States National Security Agency (NSA) and Anssi, the French cybersecurity agency, are investigating the attack. In the United States, the FBI has issued a warning with the Cyber and Infrastructure Security Agency (CISA) about potential attacks on satcoms.
Threats from satcoms attacks are not a new phenomenon. In 2014, security researcher Ruben Santamarta published research showing the many ways in which satellite communications can potentially be breached. In 2018, Santamarta's follow-up research demonstrated how that would be possible, with an in-depth look at satellite systems in military settings. According to Santamarta it is possible that the attackers in the Viasat case - although their identity and motive are unknown - may have distributed a firmware update that sabotaged the company's customer modems.
Spread across the board. oil While many of the details about the Viasat breach are still unclear (several independent cybesecurity researchers are examining the code on blocked modems), the effects have been widely felt. The cyberattack appears to be a notable example of a "spillover," an attack that spreads, intentionally or accidentally, beyond its original target. In the months leading up to the Russian invasion of Ukraine, cybersecurity experts and governments had reported that spillover damage posed a serious international threat. In June 2017, for example, the Russian NotPetya worm spread beyond its original targets in Ukraine, causing more than $ 10 billion in damage worldwide.
Europe tries to block the "spillover" ”Of cyber attacks from the war in Ukraine Data from the European Cybersecurity Agency: threats increase but for now the contagion has not been significant. And on the blocking of technologies from Russia, the choice is left to the states. The interview of sportsgaming.win with the director of Enisa Read the article The impact of the attack on Viasat seems particularly extensive. The services of satellite internet operators in Germany, the UK, France, the Czech Republic and other countries were affected by the outage. Users of a forum on satellite internet connections reported problems as far as Morocco: "It is difficult to go a week without internet, but if there is no alternative access, you can only wait", complained one user in Poland. The European Union Cyber Security Agency, which is investigating the incident, reported that it was aware of 27,000 users affected by the outage, a figure first reported by sportsgaming.win Italy.
With one of the first signs of the attack, more than 5,800 wind turbines belonging to the German energy company Enercon have been taken offline. The turbines continued to operate, but the attack meant that they could not be reset remotely in the event of a failure, explains Enercon spokesman Felix Rehwald. So far, Enercon has managed to get forty percent of the affected turbines back online and the company's teams are replacing satellite modems: "We don't believe [the attack, ed.] Was aimed at us or our customers. 'collateral damage' ", adds Rehwald.
Presumably it will take longer to recover from the attack. Viasat claims it is getting hundreds of customers back online every day and providing new modems or making software updates available that can remotely repair systems. Jaroslav Stritecky, chief executive of Czech internet provider Intv, says the company has contacted all of its satcom customers to see if they need new modems, and will likely need to replace most of those affected. According to Stritecky, the work could be completed by the end of March: "The question is whether there are enough new modems for everyone," he adds.
So far, satellites have played an important role during the war in Ukraine . They were used to capture information on the movements of Russian troops, representing an essential communication channel for the population. However, the attack could also raise legal issues. As Almudena Azcárate Ortega, an associate researcher at the United Nations Disarmament Research Institute points out, since they are used for both civilian and military purposes by multiple countries, satellite systems can find themselves in a complex situation from the point of view of the international law.
"If you target a satellite that provides certain services to a specific country involved in a conflict, there is also the possibility that a neutral country will be deprived of the services that the same satellite provides, thus violating the rule of neutrality - explains Ortega -. The attacks on these infrastructures can also have repercussions on civilians ".
This article originally appeared on sportsgaming.win UK.