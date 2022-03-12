US spy agency probes sabotage of satellite internet during Russian invasion, sources say

USA

Reuters
12 March, 2022, 10:10 am
Last modified: 12 March, 2022, 10:20 am

Related News

US spy agency probes sabotage of satellite internet during Russian invasion, sources say

Analysts for the US National Security Agency, French government cybersecurity organization ANSSI, and Ukrainian intelligence are assessing whether the remote sabotage of a satellite internet provider's service was the work of Russian-state backed hackers preparing the battlefield by attempting to sever communications

Reuters
12 March, 2022, 10:10 am
Last modified: 12 March, 2022, 10:20 am
Viasat offices are shown at the company&#039;s headquarters in Carlsbad, California, U.S. 9 March 2022. Picture taken March 9, 2022. REUTERS/Mike Blake
Viasat offices are shown at the company's headquarters in Carlsbad, California, U.S. 9 March 2022. Picture taken March 9, 2022. REUTERS/Mike Blake

Western intelligence agencies are investigating a cyberattack by unidentified hackers that disrupted broadband satellite internet access in Ukraine coinciding with Russia's invasion, according to three people with direct knowledge of the incident.

Analysts for the US National Security Agency, French government cybersecurity organization ANSSI, and Ukrainian intelligence are assessing whether the remote sabotage of a satellite internet provider's service was the work of Russian-state backed hackers preparing the battlefield by attempting to sever communications.

The digital blitz on the satellite service began on 24 Feb between 5 am and 9 am, just as Russian forces started going in and firing missiles, striking major Ukrainian cities including the capital, Kyiv.

The consequences are still being investigated but satellite modems belonging to tens of thousands of customers in Europe were knocked offline, according to an official of US telecommunications firm Viasat, which owns the affected network.

The hackers disabled modems that communicate with Viasat Inc's KA-SAT satellite, which supplies internet access to some customers in Europe, including Ukraine. More than two weeks later some remain offline, resellers told Reuters.

What appears to be one of the most significant wartime cyberattacks publicly disclosed so far has piqued the interest of Western intelligence because Viasat acts as a defense contractor for both the United States and multiple allies.

Government contracts reviewed by Reuters show that KA-SAT has provided internet connectivity to Ukrainian military and police units.

Pablo Breuer, a former technologist for US special operations command, or SOCOM, said knocking out satellite internet connectivity could handicap Ukraine's ability to combat Russian forces.

"Traditional land-based radios only reach so far. If you're using modern smart systems, smart weapons, trying to do combined arms maneuvers, then you must rely on these satellites," said Breuer.

The Russian Embassy in Washington did not immediately return a message seeking comment. Moscow has repeatedly rejected allegations that it participates in cyberattacks.

Russian soldiers have besieged Ukrainian cities in what the Kremlin describes as a "de-Nazification" operation that has been denounced by the West as an unprovoked assault and led to severe sanctions against Moscow as punishment.

MODEMS INOPERATIVE

Viasat said in a statement that the disruption for customers in Ukraine and elsewhere was triggered by a "deliberate, isolated and external cyber event" but has yet to provide a detailed, public explanation of what happened.

"The network is stabilized and we are restoring service and activating terminals as quickly as possible," spokesperson Chris Phillips said in an email, adding that the company was prioritizing "critical infrastructure and humanitarian assistance."

The affected modems appeared to be completely inoperative, according to Jaroslav Stritecky, who runs Czech telecommunications company INTV. Normally, he said, the four status lights on the curved, SurfBeam 2 modems would indicate whether they were connected to the internet. After the attack, the lights on the Viasat-made devices would not turn on at all.

The Viasat official said a misconfiguration in the "management section" of the satellite network had allowed the hackers remote access into the modems, knocking them offline. He said most of the affected devices would need to be reprogrammed either by a technician on site or at a repair depot and that some would have to be swapped out.

The Viasat official wasn't explicit about what the "management section" of the network referred to and declined to provide further details. KA-SAT and its associated ground stations, which Viasat purchased last year from European company Eutelsat, are still operated by a Eutelsat subsidiary.

Eutelsat referred questions back to Viasat.

Viasat has hired US cybersecurity firm Mandiant, which specializes in tracking state-sponsored hackers, to investigate the intrusion, according to two people familiar with the matter.

Spokespeople for the NSA, ANSSI, and Mandiant declined to comment.

Viasat said government clients who procured services directly from the company were unaffected by the disruption. The KA-SAT network is operated, however, by a third party, which in turn farms out service through various distributors.

Over the past several years Ukraine's military and security services have purchased several different communications systems that run over Viasat's network, according to contracts posted on ProZorro, a Ukrainian transparency platform.

A message seeking comment from the Ukrainian military was not immediately returned.

Some internet distributors are still waiting to replace their devices.

Stritecky, the Czech telecom executive, said he did not blame Viasat.

He recalled coming into work on the morning of the invasion and seeing a monitor showing regional satellite coverage in the Czech Republic, neighboring Slovakia, and Ukraine all in red.

"It was immediately clear what happened," he said.

World+Biz / Europe

USA / Russian / Ukraine crisis / Spy

Comments

While most comments will be posted if they are on-topic and not abusive, moderation decisions are subjective. Published comments are readers’ own views and The Business Standard does not endorse any of the readers’ comments.

Top Stories

MOST VIEWED

Related News

Features

The city of Pripyat was abandoned after the explosion of the Chernobyl nuclear power plant in 1986. Photo: Reuters

What are the risks at the Chernobyl nuclear plant?

20h | Panorama
Illustration: TBS

Why open new banks if they chase the same customers?

23h | Panorama
As horses run a long distance on asphalt roads, their hooves start to decay and over time, their flesh gets exposed. Photo: Mumit M

Tomtoms: A tradition riding on cruelty

1d | Panorama
Sketch: TBS

The trans women who fought it out

1d | Features

More Videos from TBS

Russia hits back at Western sanctions with export bans

Russia hits back at Western sanctions with export bans

20h | Videos
Rumors on Bipasha’s pregnancy

Rumors on Bipasha’s pregnancy

22h | Videos
Criticism growing over Western world's double stand

Criticism growing over Western world's double stand

23h | Videos
Skib Khan to release new album

Skib Khan to release new album

1d | Videos

Most Read

1
FILE PHOTO: REUTERS/Brian Snyder
Education

Private unis to replace trimesters with semesters from 1 July

2
Infograph: TBS
Economy

Sri Lankan company snaps up Agora 

3
Russia resumes potato import from Bangladesh
Economy

Russia resumes potato import from Bangladesh

4
Shahnaz Shimul. Photo: Courtesy
Splash

From beauty influencer to an entrepreneur, Shahnaz Shimul does it all

5
Sunny Leone denied entry in Bangladesh
Splash

Sunny Leone denied entry in Bangladesh

6
Xinyi Glass Holdings eyes plant in Bangladesh
Economy

Chinese glass giant keen to invest $200m in Bangladesh