More than 22,000 miles above Earth, KA-SAT is locked in orbit. Traveling at 7,000 miles per hour, in sync with the planet’s rotation, the satellite beams high-speed internet to people across Europe. Since 2011 it helps homeowners, businesses and the military get online. However, when Russian troops entered Ukraine in the early hours of February 24, satellite Internet connections were disrupted. A mysterious cyberattack on the satellite’s ground infrastructure, not the satellite itself, has plunged tens of thousands of people into internet darkness.
Among them were units of the defense of Ukraine. “It was a really huge loss in communications at the very beginning of the war,” Viktor Zhora, a senior official at Ukraine’s cyber security agency, the State Services for Special Communication and Information Protection (SSSCIP), reportedly said two weeks later. He did not provide further details, and SSSCIP did not respond to WIRED’s request for comment. But last year’s attack on the satellite internet system owned by US company Viasat had even wider implications. People using satellite internet connections were disconnected from the grid across Europe, from Poland to France.
Almost a month after the attack, the outages continue. Thousands still remain offline in Europe – around 2,000 wind turbines are still offline in Germany – and companies are racing to replace damaged modems or fix connections with updates. Multiple intelligence agencies, including those in the US and Europe, are also investigating the attack. The Viasat hack is perhaps the largest publicly known cyber attack since Russia’s invasion of Ukraine, and it stands out for its impact beyond Ukraine’s borders. But questions remain about the details of the attack, its purpose and who carried it out – although experts have their suspicions.
Satellite Internet connections are often used in areas with low cable coverage and are used by ordinary citizens as well as official organizations. The setup is different from your typical home or office Wi-Fi network, which relies mostly on wired broadband connections. “Satellite communications consists of three main components,” says Leticia Cesari Zarcan, a consultant at the United Nations Institute for Disarmament Studies and a doctoral student at the University of Luxembourg. First, there is a spacecraft that is in orbit that is used to send “spot beams” back to Earth; these beams provide internet coverage to certain areas of the earth. These rays are then picked up by satellite dishes on the ground. They can be attached to the side of buildings or in airplanes to power Wi-Fi in flight. Finally, there are terrestrial networks that communicate and can configure people’s systems. “The terrestrial network is a collection of ground stations connected to the Internet by fiber optic cables,” says Zarkan.
Apart from Zhora’s comment, the Ukrainian government remained silent on the attack. However, satellite communications, also known as satcom, appear to be widely used in the country. Ukraine has the world’s most transparent system for tracking government spending, and multiple government contracts show SSSCIP and the police have purchased the technology. For example, during the elections in Ukraine in 2012. more than 12,000 satellite internet connection points were used to monitor the vote, official documents seen by European cybersecurity firm SEKOIA.IO show.
“To disrupt satellite communications, most people — myself included — would look at the signal in space because it’s exposed,” says Peter Lemme, an aviation specialist who also writes about satellite communications. “You could transmit signals to the satellite that would effectively jam its ability to receive signals from legitimate modems.” Elon Musk has hard that the Starlink satellite systems he sent to Ukraine were facing jamming attacks.
However, an attack against Viasat may not involve jamming. The attack on the network was a “deliberate, isolated and external cyber event,” according to Viasat spokesman Chris Phillips. The attack only affected fixed broadband customers and did not cause disruption to Viasat’s U.S. airline or government customers, the company said, and did not affect any customer data. However, people’s modems failed to connect to the network and were “made unusable”.
On Tuesday, Viasat Chairman Mark Dankberg told a satellite conference that the company bought KA-SAT in Europe last year and its customer base was still managed by a third party as part of the transition. “We believe that for this particular event it was preventable, but we didn’t have that capability in this case,” Dankberg said, confirming that thousands of modems had been shut down. “In most cases of offline modems, they need to be replaced. They can be upgraded, so we recycle the modems,” said Dankberg.
