A major cyberattack that affected Viasat moments before the Russian invasion of Ukraine was orchestrated by Russia. What exactly did the attack do, how did the malware damage modems, and was there any measurable impact on Ukrainian forces?
What exactly did the attack do?
Just an hour before Russia launched its invasion of Ukraine in February 2022, Viasat suffered a large-scale attack on its high-speed satellite internet service. Until recently, the culprits of the attack could not be identified with certainty, but recent reports from various government agencies, including the EU, US and UK, have confirmed that Russia was indeed responsible. The service is believed to have come under attack because Viasat provides internet services to commercial and military services. Thus, attacking Viasat would give Russia an advantage in its surprise invasion.
Even though military forces use Viasat, the attack also interfered with non-military users. One example that particularly stood out was the loss of 5,800 wind turbines in Central Europe with a combined capacity of 11 GW. Additionally, it has been estimated that up to 30,000 modem terminals have been permanently damaged and need to be replaced.
So far, Viasat has been able to replace approximately 11,000 customer modems to help bring systems back online while fixing potential security vulnerabilities that allowed hackers to enter the network and damage modems. According to Viasat, the attack was directed against KA-SAT networks which are not directly managed by Viasat and if the attack had targeted the main network, it would have been stopped.
How did malware damage modems?
One fact that seems to be glossed over by several news reports is how the attackers were able to permanently damage the modems. It is logical for software systems to remain compromised or inoperative, but it is unusual for modems to stop working.
To damage modems, hackers used malware called AcidRain. Once installed on a device, this malware proceeds to recursively erase non-standard files from the file system (i.e. it enters each folder, erases the contents and goes back up). Additionally, the malware also targets files from known storage devices, making recovery virtually impossible.
The malware itself easily spread to all currently connected modems and routers through legitimate management commands that would otherwise provide firmware updates. The malware has also been coded in a way to make it as generic as possible by not targeting any specific platform. Although the devices are indeed blocked after being affected, some reports suggest that a factory reset may fix the problem, but other reports have indicated that tens of thousands of modems are now unusable. This may be because on-board flash memory that has been erased may not be easy to reprogram (i.e., lack of programming port, access pins, or unique write).
Was there an effect on the Ukrainian army?
Trying to determine the effect of the attack on the Ukrainian military is difficult to pin down for several reasons. First, an army is unlikely to describe in detail the effects of an attack, as this may give the opposition a better understanding of their attack. Second, information from military forces is usually limited in times of war, as the military is more concerned with active campaigns than writing press releases. Another reason why it is difficult to assess the extent of the disruption to the Ukrainian military is that much of the Ukrainian military was affected (including command centers) in the early hours of the war. initial invasion. This saw parts of the army somewhat fragmented, making communications difficult.
Finally, the Ukrainian army was massively aided by British and American intelligence, providing target data, satellite images and confidential information from the Russian side, which could be far more valuable than the satellite communication network. The Ukrainian army may even have had access to American satellites for communication (which has already happened with Elon Musk’s Starlink).
Ukraine has suffered constant cyberattacks over the past decade from Russia, and during that time it has been able to put up strong defenses. We cannot say for sure the impact of the Viasat attack on Ukraine, but what we can be sure of is that Ukraine continues to resist and push back the Russian invaders despite everything.