Exclusive-U.S. spy agency probes sabotage of satellite internet during
Russian invasion -sources
Send a link to a friend
[March 11, 2022] By
James Pearson, Raphael Satter, Christopher Bing and Joel Schectman
(Reuters) - Western intelligence agencies
are investigating a cyberattack by unidentified hackers that disrupted
broadband satellite internet access in Ukraine coinciding with Russia's
invasion, according to three people with direct knowledge of the
incident.
Analysts for the U.S. National Security Agency, French government
cybersecurity organization ANSSI, and Ukrainian intelligence are
assessing whether the remote sabotage of a satellite internet provider's
service was the work of Russian-state backed hackers preparing the
battlefield by attempting to sever communications.
The digital blitz on the satellite service began on Feb. 24 between 5
a.m. and 9 a.m., just as Russian forces started going in and firing
missiles, striking major Ukrainian cities including the capital, Kyiv.
The consequences are still being investigated but satellite modems
belonging to tens of thousands of customers in Europe were knocked
offline, according to an official of U.S. telecommunications firm Viasat,
which owns the affected network.
The hackers disabled modems that communicate with Viasat Inc's KA-SAT
satellite, which supplies internet access to some customers in Europe,
including Ukraine. More than two weeks later some remain offline,
resellers told Reuters.
What appears to be one of the most significant wartime cyberattacks
publicly disclosed so far has piqued the interest of Western
intelligence because Viasat acts as a defense contractor for both the
United States and multiple allies.
Government contracts reviewed by Reuters show that KA-SAT has provided
internet connectivity to Ukrainian military and police units.
Pablo Breuer, a former technologist for U.S. special operations command,
or SOCOM, said knocking out satellite internet connectivity could
handicap Ukraine’s ability to combat Russian forces.
"Traditional land-based radios only reach so far. If you’re using modern
smart systems, smart weapons, trying to do combined arms maneuvers, then
you must rely on these satellites," said Breuer.
The Russian Embassy in Washington did not immediately return a message
seeking comment. Moscow has repeatedly rejected allegations that it
participates in cyberattacks.
Russian soldiers have besieged Ukrainian cities in what the Kremlin
describes as a "de-Nazification" operation that has been denounced by
the West as an unprovoked assault and led to severe sanctions against
Moscow as punishment.
MODEMS INOPERATIVE
Viasat said in a statement that the disruption for customers in Ukraine
and elsewhere was triggered by a "deliberate, isolated and external
cyber event" but has yet to provide a detailed, public explanation of
what happened.
"The network is stabilized and we are restoring service and activating
terminals as quickly as possible," spokesperson Chris Phillips said in
an email, adding that the company was prioritizing "critical
infrastructure and humanitarian assistance."
[to top of second column] |
Viasat offices are shown at the company's headquarters in Carlsbad,
California, U.S. March 9, 2022. Picture taken March 9, 2022.
REUTERS/Mike Blake
The affected modems appeared to be completely inoperative, according to Jaroslav
Stritecky, who runs Czech telecommunications company INTV. Normally, he said,
the four status lights on the curved, SurfBeam 2 modems would indicate whether
they were connected to the internet. After the attack, the lights on the Viasat-made
devices would not turn on at all.
The Viasat official said a misconfiguration in the "management section" of the
satellite network had allowed the hackers remote access into the modems,
knocking them offline. He said most of the affected devices would need to be
reprogrammed either by a technician on site or at a repair depot and that some
would have to be swapped out.
The Viasat official wasn’t explicit about what the "management section" of the
network referred to and declined to provide further details. KA-SAT and its
associated ground stations, which Viasat purchased last year from European
company Eutelsat, are still operated by a Eutelsat subsidiary.
Eutelsat referred questions back to Viasat.
Viasat has hired U.S. cybersecurity firm Mandiant, which specializes in tracking
state-sponsored hackers, to investigate the intrusion, according to two people
familiar with the matter.
Spokespeople for the NSA, ANSSI, and Mandiant declined to comment.
Viasat said government clients who procured services directly from the company
were unaffected by the disruption. The KA-SAT network is operated, however, by a
third party, which in turn farms out service through various distributors.
Over the past several years Ukraine's military and security services have
purchased several different communications systems that run over Viasat’s
network, according to contracts posted on ProZorro, a Ukrainian transparency
platform.
A message seeking comment from the Ukrainian military was not immediately
returned.
Some internet distributors are still waiting to replace their devices.
Stritecky, the Czech telecom executive, said he did not blame Viasat.
He recalled coming into work on the morning of the invasion and seeing a monitor
showing regional satellite coverage in the Czech Republic, neighboring Slovakia,
and Ukraine all in red.
"It was immediately clear what happened," he said.
(Reporting by James Pearson, Raphael Satter, Christopher Bing and Joel Schectman;
Editing by Chris Sanders and Grant McCool)
[© 2022 Thomson Reuters. All rights
reserved.]This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
