For the past week, all eyes have been on Viasat. This American company specializing in satellite internet has been facing disruptions to its service since February 24, the date of the start of the Russian offensive on Ukraine. In its press releases, the company cautiously mentions a “cyber event” as the origin of the disturbances observed by users. But several sources have come to clarify the contours of this “cyber event” in recent days.
It is first of all a speech by a senior officer of the French army, General Michel Friedling, at the head of the space command since 2019. During a press conference Thursday, March 3, he mentioned the disturbances that affected the satellite internet operator. For the general, it is indeed a computer attack at the source of the problem. “The information we have indicates that some tens of thousands of terminals were rendered inoperative immediately after this attack,” explained the general, adding that some of the terminals affected could be “irreparable. In other words, the cyberattack would rather have targeted the modems allowing users to receive the satellite stream.
The trail of a malicious update
Confirming this information, an article in the German magazine Der Spiegel also leans towards a computer attack that targeted the terminals used by Viasat subscribers to connect to the internet via satellite. The journalists of Der Spiegel thus rely on reports from the German cybersecurity agency, the BSI, which they have been able to consult. According to German authorities, the attack took the form of a malicious update distributed to users of the KA-SAT network. This would have blocked the connectivity of users’ modems, preventing them from accessing the Internet.
If a DdoS attack had been mentioned at first, the Spiegel journalists indicate that the German authorities are considering a sophisticated attack instead, without directly pointing the finger at a particular actor behind the attack. Moreover, the investigation into the cause of the attack is still ongoing. The BSI nevertheless indicates that the timing of the attack and the significant use of this service on Ukrainian territory are elements suggesting a link with the war in Ukraine.
Collateral victims
Since the beginning of the offensive, several computer attacks have been identified around the country, but the attack targeting Viasat stands out for its collateral effects. Der Spiegel thus explains that more than 3000 wind turbines installed in Germany whose remote maintenance operations were carried out via the Viasat satellite network are currently inaccessible. They continue to operate as expected, but the cyberattack disrupts necessary maintenance operations.
In France, many NordNet and Bigblu subscribers have been affected by loss of connectivity since February 24. The two companies operate the satellites offered by ViaSat to offer an internet connection to their customers. the last press release from NordNetbroadcast on Saturday, explained that the incident encountered by their supplier was still ongoing.