VIASAT Cyberattack

VIASAT Cyberattack

Incident Date : 2022 | Topic : Cyber | Region : Europe | Tag : Case Study

On February 24, 2022, as Russian troops moved into Ukraine, a massive cyber attack was caried out against the ground infrastructure of the KA-SAT satellite, owned by US company Viasat and responsible for beaming high speed internet to people across Europe, causing a huge loss in communications at the very outset of the war.

A subsequent investigation revealed that the attack was likely the result of a destructive wiper malware called ‘AcidRain’ which is designed to remotely erase vulnerable modems and routers.  Traces of the malware and its operation point to Russian origin. It is important to highlight that this is the not the first time that a Russian cyber attack has preceded a physical attack or invasion. Russian cyber attacks immediately preceded both the 2008 Russo-Georgian War and the 2014 annexation of Crimea.

One reason why this attack is particularly significant is its spillover into the rest of Europe. While the attack targeted Ukraine, people using satellite internet connections were knocked offline all across Europe from Poland to France. A full month after the attack disruptions continue throughout Europe. Thousands remain offline, including critical infrastructure and roughly 2,000 wind turbines belonging to the German energy company Enercon are still disconnected in Germany and cannot be reset or controlled remotely.  Many other European companies are racing to replace broken modems or fix connections with updates.  Russia has also launched cyber-attacks against Ukraine in both 2015 and 2017 during periods of heightened conflict.

The spillover impact of this attack is a key example of incidental damage, whereby a relatively simple attack spreads, either intentionally or accidentally, far beyond its original target and has a wide and significant impact on state and critical infrastructure, such as Enercon wind turbines in Germany.

The risk of spillover is the key takeaway from this attack.  While a cyber attack may target one country or one infrastructure, it may pose a far greater threat to neighboring countries or interdependent infrastructures.  As such, ASERO recommends that countries and corporations pay close attention to and invest in protecting critical infrastructure from cyber threats, taking into account possible spillover effects and the need for backups and redundancy.

Click here to apply to receive our full case study analysis, including insights and recommendations.