Viasat hack
| Viasat Hack; KA-Sat Attack | |||||
|---|---|---|---|---|---|
| Part of Russian invasion of Ukraine | |||||
| |||||
| Belligerents | |||||
| Commanders and leaders | |||||
| Malware details | |||||
| Technical name | AcidRain | ||||
| Type | Wiper malware | ||||
| Subtype | Modem / Router firmware Flash memory eraser | ||||
| Classification | Cyberwarfare cyberattack | ||||
| Family | VPNFilter | ||||
| Isolation date | 15 March 2022 | ||||
| Authors | Fancy Bear, Sandworm | ||||
| Cyberattack event | |||||
| Date | 23-24 February 2022 | ||||
| Target | Eutelsat | ||||
| Suspect | 5.188.159.169 | ||||
| Technical details AcidRain (SentinelOne / “ukrop” sample) — ELF 32-bit MIPS binary | |||||
| Platforms |
| ||||
| Package | Standalone ELF binary | ||||
| Filetype | ELF 32-bit MIPS executable | ||||
| Abused exploits | Viasat/Skylogic management network | ||||
| Written in | Compiled C/C/C++ | ||||
The Viasat hack was a cyberattack against the satellite internet system of American communications company Viasat which affected their KA-SAT network. The hack happened on the day of Russia's invasion of Ukraine. This was a hack in three stages and two events; gaining entry into a facility, uploading a malware to a satellite, and then having that satellite beam that signal back down to Earth, targeted at internet modems throughout Ukraine. Collateral spillover did leak outside of the borders of Ukraine, impacting internet modems in Germany, Scandinavia, the United Kingdom, and elsewhere throughout Europe.