clock menu more-arrow no yes

Filed under:

Russian military reportedly hacked into European satellites at start of Ukraine war

New, 5 comments

The previously unattributed cyberattack has now been traced back to Russia, US officials told The Washington Post

Illustration by Alex Castro / The Verge

American government officials told The Washington Post that the Russian military was responsible for a cyberattack on a European satellite internet service that affected Ukrainian military communications in late February.

The hack affected the KA-SAT satellite broadband network, owned by Viasat, an American satellite communications company. On February 24th, the day the Russian invasion of Ukraine began, the KA-SAT network was hit by outages that affected Ukraine and surrounding regions in Europe. A few days afterward, Viasat blamed outages on a “cyber event,” but did not release further details.

Though Ukrainian officials have not fully disclosed the impact, the outage is believed to have caused significant communications disruptions at the beginning of the war.

The NSA was reported to be collaborating on an investigation with Ukrainian intelligence services, but no results have been officially announced. However, anonymous officials reportedly told the Post that US intelligence analysts have now concluded that Russian military hackers were behind the attack.

A request for confirmation sent by The Verge to the Cybersecurity and Infrastructure Security Agency (CISA) had not received a response by the time of publication.

Officials from Viasat told Air Force Magazine that the attack was conducted through a compromise of the system that manages customer satellite terminals, and only affected customers of the KA-SAT network, a smaller broadband provider that Viasat bought last year from French satellite operator Eutelsat.

At the outset of the conflict, commentators feared that Russia could launch widespread and destructive cyberattacks. While one perspective holds that such attacks have failed to materialize, the slow release of additional information gives credence to the suggestion that many attacks may have occurred in the shadows.

In the aftermath of the hack, CISA and the FBI issued a joint cybersecurity advisory to satellite communications providers, warning that the agencies were aware of possible threats to US and international networks, and advising companies to report any indications of malicious activity immediately.

As the war in Ukraine continues — and US opposition to Russia grows in the form of sanctions — the Biden administration has issued increasingly serious warnings about the possibility of Russian cyberattacks on US infrastructure.

On Monday, President Biden advised US businesses to take added precautions against hacking, citing “evolving intelligence” that Russia was preparing to target the US with cyberattacks. Then on Thursday, the Department of Justice unsealed indictments against four Russians accused of mounting state-sponsored cyberattacks against the US, publicly releasing details of a highly sophisticated hacking campaign involving supply-chain software compromises and spear-phishing campaigns against thousands of employees of companies and US government agencies.