Viasat on Ukraine Outage: Hackers Used Misconfigured VPN to Gain Remote Access

pcmag.com:

Hackers exploited a misconfigured VPN device to gain access to Viasat's satellite network and cause a massive internet outage in Europe right as Russia began to invade Ukraine.

US-based Viasat today published a detailed report on the Feb. 24 cyberattack that shut down internet access for “several thousand customers” in Ukraine and tens of thousands more in Europe. 

According toThe Washington Post, US intelligence suspects Russian military hackers pulled off the disruption. Viasat didn’t assign blame, but the company said the attack targeted network infrastructure that French satellite company Eutelsat has been operating on behalf of Viasat. 

“This incident was localized to a single consumer-oriented partition of the KA-SAT network that is operated on Viasat’s behalf by a Eutelsat subsidiary, Skylogic, under a transition agreement Viasat signed with Eutelsat following Viasat’s purchase of Euro Broadband Infrastructure Sàrl,” the company explained. 

Viasat added: “Subsequent investigation and forensic analysis identified a ground-based network intrusion by an attacker exploiting a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network.” 

This gave the hackers the ability to tamper with the satellite network. They executed “legitimate, targeted management commands” but across a large number of residential modems simultaneously. The result knocked many of the modems offline. 

"Specifically, these destructive commands overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable,” Viasat said. 

“Ultimately, tens of thousands of modems that were previously online and active dropped off the network, and