Viasat modem hackers, who crippled thousands of satellite modems in Ukraine and across Europe are still active. The hackers are trying to sabotage U.S. telecommunications company Viasat as it coordinates to bring its users back online.
Ever since the Russian forces surged ahead on Feb 24 to invade Ukraine Viasat has been trying to restore normalcy after remotely disabled satellite modems. Insider information suggests a parallel attack was launched at almost exactly the same time. The bad actors used “high volumes of focused, malicious traffic” in a bid to overwhelm Viasat’s network and were still ongoing.
According to a Viasat official, “We’re still witnessing some deliberate attempts. We’ve been seeing repeated attempts by this attacker to alter that pattern to test those new mitigations and defenses.”
The hackers systematically sabotaged satellite modems across Europe – and in Ukraine in particular – on the morning of Russia’s invasion. The hackers of the incident have not been identified, though are believed to be working for Russia’s military intelligence agency, according to the Washington Post.
The hackers managed to hack into the Viasat network taking advantage of a misconfigured virtual private networking device. Being able to gain remote access to the management network for the company’s KA-SAT satellite. It is run by an Italy-based company called Skylogic and serves customers across Europe.
Skylogic did not respond about the incident, though a report suggested the attack was from inside the network, enabling hackers to send rogue commands to tens of thousands of modems all at once. The cyberattack overwrote key chunks of data in the modem’s memory-making them unusable.
The report stated the cyberattacks started around 6:15 a.m. Ukraine time on Feb. 24. It managed to take down the majority of Viasat’s modems in Ukraine. While the parallel attacks using malicious traffic started an hour earlier.
Viasat has not revealed the number of devices affected by the cyberattack, though nearly 30,000 fresh modems had already been shipped to distributors to bring customers back online.