DOCUMENTING HYBRID WARFARE / — incidents / UPDATED LATEST: 
Sabotage Watch SABOTAGEWATCHHybrid Threat Monitor
Cyber

Viasat KA-SAT outage at start of Russia’s invasion (Europe-wide impact)

24 February 2022 · Europe-wide
Satellite Imagery © Esri

What happened

On 24 February 2022, roughly one hour before Russia launched its full-scale invasion of Ukraine, a cyberattack struck the KA-SAT satellite broadband network operated by US firm Viasat. Investigators determined that attackers exploited a misconfigured VPN appliance to gain access to the network's management segment, then issued commands that deployed destructive 'wiper' malware to tens of thousands of consumer modems simultaneously, rendering them inoperable. The malware, identified by SentinelOne researchers as a new strain dubbed 'AcidRain,' was designed to permanently disable modems and routers.

The attack's primary target was Ukrainian military communications, which relied on KA-SAT for command and control, causing an immediate loss of connectivity in the war's opening hours. The disruption also spilled across Europe, knocking offline modems serving public authorities, businesses and private users in several EU member states. In Germany, energy company Enercon lost remote monitoring of about 5,800 wind turbines, and thousands of satellite-internet subscribers in countries including France, Italy, Greece, Hungary and Poland were cut off. The UK NCSC assessed Russia was 'almost certainly responsible,' and on 10 May 2022 the EU, UK and US, alongside partners, formally condemned and attributed the operation to the Russian Federation.

Assessment

The Viasat KA-SAT incident is one of the most significant cyber operations of the war's opening phase and a landmark case of a wiper attack with cross-border 'spillover' effects. It demonstrated how an operation aimed at degrading an adversary's military communications can indiscriminately disrupt civilian infrastructure across multiple countries, including critical-sector systems such as energy. The coordinated 10 May 2022 attribution by the EU, UK, US and allied states marked a notable instance of collective state attribution. The episode exposed the security fragility of commercial satellite networks. Russia denies responsibility.

This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.