The American satellite Internet provider Viasat confirmed that on the first day of the military conflict in Ukraine, the Viasat KA-SAT network was subjected to a “multifaceted and deliberate cyberattack.”
According to the American communications company, the cyberattack affected several thousand customers located in Ukraine and tens of thousands of other fixed broadband customers in Europe. The attack was limited to the KA-SAT network segment and affected “several SurfBeam2 and SurfBeam 2+ modems and associated client equipment (CPE) physically located in Ukraine.”
The incident was localized in one segment of the KA-SAT network, which is managed on behalf of Viasat by Skylogic (a subsidiary of Eutelsat). The affected household broadband modems use the Tooway service brand.
The network remained offline for several days. Precautions have been taken to ensure the security of other important back-office applications and reporting/analytics services.
Viasat also reported that the initial attack vector was an incorrectly configured VPN device that the attackers used to gain remote access to the KA-SAT network.
Viasat continues to investigate the cyber incident together with specialists from Mandiant, Eutelsat/Skylogic, as well as with law enforcement agencies and government agencies of the United States and other countries.