Aside from Zhora’s comment, the Ukrainian government has remained tight-lipped about the attack. However, satellite communications, also known as SATCOM, appear to be frequently used in the country. Ukraine has the world’s most transparent system for tracking government spending, and multiple government contracts show that the SSSCIP and police have purchased the technology. For instance, during Ukraine’s 2012 elections, more than 12,000 satellite internet connection points were used to monitor voting, official documents spotted by European cybersecurity firm SEKOIA.IO show.
“To disrupt satellite communications, most people—myself included—would look at the signal in space, because it’s exposed,” says Peter Lemme, an aviation specialist who also writes about satellite communications. “You can transmit signals toward the satellite that would effectively jam its ability to receive signals from legitimate modems.” Elon Musk has claimed that Starlink satellite systems he sent to Ukraine have faced jamming attacks.
However, the attack against Viasat may not have involved jamming. The attack against the network was a “deliberate, isolated, and external cyber event,” according to Viasat spokesperson Chris Phillips. The attack only impacted fixed broadband customers and didn’t cause disruption to airlines or Viasat’s US government clients, the company says, and no customer data was impacted. However, people’s modems have not been able to connect to the network, and they have been “rendered unusable.”
On Tuesday, Viasat chair Mark Dankberg told a satellite conference that the company purchased the KA-SAT in Europe last year, and its customer base is still being operated by a third party as part of the transition. “We believe for this particular event it was preventable, but we didn’t have that capability in that case,” Dankberg said, confirming that thousands of modems were taken offline. “In most of the cases of the modems that went offline, they need to be replaced. They can be refurbished, so we’re recycling modems through,” Dankberg said.
“There is no evidence to date of any impairment to the KA-SAT satellite, core network infrastructure, or gateways due to this incident,” Phillips says in a statement. Instead Viasat says the cyberattack was the result of a misconfiguration in a “management section” of its network, as first reported by Reuters. The company declined to provide any more details on the technical nature of the incident, citing ongoing investigations. Viasat says it is now focusing on recovering from the partial outage.
No government has officially attributed the attack to Russia, despite speculation it may have caused the attack to disrupt communications in Ukraine. Dankberg told CNBC on Monday that he couldn’t confirm whether Russia was behind the attack, and that governments would be the source of such attribution. It is rare for governments to quickly attribute cyberattacks to a country or actor, as investigations are complex and take time to complete.
However, Western officials say the attack would be in keeping with Russia’s playbook. “Were it to be attributed ultimately to Russia, it would very much fit within what we would expect them to do, which is to use their cyber capabilities to ultimately support their military campaign,” Western officials told reporters during an on-background briefing last week. The US National Security Agency (NSA), and ANSSI, France’s cybersecurity agency, are investigating the hack. The US Federal Bureau of Investigation has issued an advisory with the US Cybersecurity and Infrastructure Security Agency (CISA) that warns of SATCOM hacks. “CISA remains concerned about the threat to US and allies’ satellite communications networks,” Eric Goldstein, CISA’s executive assistant director for cybersecurity, said in a statement.