Clémence Poirier
Introduction
A few hours prior to the Russian invasion of Ukraine on February 24, 2022, Russia’s military intelligence (GRU) launched a destructive cyberattack against ViaSat’s KASAT satellite network. In specific, the GRU targeted thousands of ViaSat’s SurfBeam 2 modems in Europe, which the Ukrainian Armed Forces depended upon for their internet satellite communications. First, the GRU carried out a Distributed Denial of Service (DDoS) attack against the modems and then exploited a vulnerability in a misconfigured Virtual Private Network (VPN) application. The vulnerability granted the GRU remote access to the KA-SAT management segment and allowed it to execute management commands on a large number of SurfBeam 2 modems simultaneously. The GRU used this ability to deploy a wiper malware (dubbed AcidRain) to overwrite the memory of thousands of SurfBeam 2 modems which rendered them unusable.
The timing of the ViaSat hack prevented the Ukrainian military from using its internet satellite communications to coordinate its response to the Russian invasion. Additionally, the cyberattack also affected military and civilian customers, as well as other infrastructure across Europe. The ViaSat hack is an important example of an offensive cyber operation that has been conducted to prepare the kinetic battlefield for a conventional military incursion.1
No comments:
Post a Comment