It is the most detailed public account to date of one of the war’s most momentous hacks. US officials are investigating the incident as a possible state-sponsored Russian cyberattack, CNN previously reported.
The hackers not only flooded the satellite modems of Viasat, a California-based company, with traffic to take them offline, but also used “destructive commands” to overwrite key data on the modems, Viasat said in its report — a sign of this how intent the hackers were on disrupting the service in Ukraine.
The hack happened on February 24, when the Russian military began its attack on Ukraine. A senior Ukrainian cyber official, Victor Zhora, on March 15 described the hack as “a really huge loss of communications right at the start of the war.”
Reuters first reported Viasat’s results on Wednesday.
Viasat worked to respond to the hack in the weeks that followed. It has shipped nearly 30,000 modems to customers to get them back online, the company said on Wednesday.
“The nature of these and other ongoing attacks that we routinely see is dynamic, and we’re constantly updating our tools and countermeasures to ensure the network is resilient and secure,” a Viasat spokesperson told CNN.
The US government is still investigating the hack.
“We currently have no attribution to share and are looking into it closely,” Saloni Sharma, spokesman for the National Security Council, said in an email on Wednesday. “As we have said before, we are concerned by the apparent use of cyber operations to disrupt communications systems in Ukraine and across Europe, and impair the access of businesses and individuals to the internet.”
Viasat hired US cybersecurity firm Mandiant to investigate the incident. Mandiant did not immediately respond to a request for comment.
The hack affected home modems on Viasat’s KA-SAT satellite network, Viasat announced on Wednesday. “This cyber attack did not impact Viasat’s directly managed mobility or government users on the KA-SAT satellite,” the company added.
“It is not surprising that the impact of the attack was not limited to Viasat’s residential customers on Ukrainian territory,” Brian Kime, vice president of cybersecurity firm ZeroFox, told CNN. “Collateral damage occurs in all wars, and if this had been mandated by Putin’s government and successfully targeted at Viasat’s government and military customers, there could easily have been a similar impact on non-Ukrainian customers, including NATO members.”
The struggle for communications during the war in Ukraine has made satellite owners and other telecom providers a prime target for hackers.
Triolan, an ISP with customers in key Ukrainian cities, said March 10 that a cyberattack disrupted service and blamed “the enemy” in an apparent reference to Russia.
For their part, Ukrainian officials have encouraged volunteer hackers to target Russian organizations involved in the war.