MILITÄR
Russischer Cyber Krieg gegen die Ukraine
March 3, 2023 -
Weniger als eine Stunde vor Einmarsch russischer Truppen in die Ukraine, haben Hacker die Boden-Infrastruktur der Satellitenfirma Viasat angegriffen, konnten teilweise Internetanschlüsse in Europa blockieren.
The 2023 CrowdStrike Global Threat Report, released this week, highlights the use of AcidRain malware which appeared explicitly designed to disrupt Viasat satellite communications network segments providing internet connectivity to Ukraine.
In what might have been an unintended spillover effect, at least three internet service providers across Europe were also affected, resulting in outages for tens of thousands of customers and the disruption of around 5,800 wind turbines operated by Enercon in Germany.
Researchers have confirmed that the attacker entered AcidRain malware through a vulnerable virtual private network or VPN controlled by Skylogic in Turin, Italy. VPN software only allows authorised users to join a company’s internal network remotely.
From there, the malware moved into one of Viasat’s crown jewels, “the trusted management segment of the KA-SAT network,” according to a report released by Viasat.
Although the KA-SAT was not itself damaged, the attacker sent commands to thousands of modems via the satellite’s 82 spot beams received by satellite dishes around Europe.
Once in the ground network, the AcidRain malware attacked the flash memory of Viasat’s SurfBeam modems. As a result, some 45,000 modems and routers were flooded with junk data, wiping out the flash memory. By April, Viasat shipped 30,000 replacement modems to bring customers back online.
CrowdStrike reports that Russia’s cyber
operations against Ukraine continue, but with a marked reduction in capability, likely reflecting a lack of planning beyond the Kremlin’s expectations of a short military conflict.
- KA-SAT Network cyber attack overview (Viasat)
- 2023 CrowdStrike Global Threat Report
- The Satellite Hack Everyone Is Finally Talking About (Bloomberg)
- Russia hacked an American satellite company one hour before the Ukraine invasion (MIT Technology Review)
- Update on SATCOM Terminal Attacks During the War in Ukraine (IOActive)