Attack took place one hour before Russia invaded Ukraine

Russia behind cyber-attack on satellite internet network KA-SAT that disrupted Ukrainian infrastructure, says EU

UPDATED The EU has blamed Russia for a powerful cyber-attack that disrupted satellite broadband services in Ukraine and “helped facilitate President Vladimir Putin’s invasion of the country”.

Thousands of modems were knocked offline by the attack on the KA-SAT network, which took place one hour before Russia’s invasion of Ukraine commenced on February 24.

The incident caused communication outages and other disruptions for government websites and banks in Ukraine, and affected several EU Member States that also use the KA-SAT network.

‘Unacceptable’

The KA-SAT satellite and network is operated by US telecoms giant Viasat, which provides connectivity to military as well as commercial customers.

“This unacceptable cyber-attack is yet another example of Russia’s continued pattern of irresponsible behaviour in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine,” reads a statement issued today (May 10) by the Council of the EU.


Read more of the latest cybersecurity news from Ukraine


Cyber-attacks against critical infrastructure “could spill over into other countries and cause systemic effects putting the security of Europe’s citizens at risk”, it warned.

“The European Union, working closely with its partners, is considering further steps to prevent, discourage, deter and respond to such malicious behaviour in cyberspace. The European Union will continue to provide coordinated political, financial and material support to Ukraine to strengthen its cyber resilience.”

Viasat revealed in a statement issued on March 30 that a “targeted denial of service attack made it difficult for many modems to remain online”, and that an attacker had exploited a misconfiguration in a VPN appliance to gain remote access to the KA-SAT network.

The following day, despite Viasat’s claims that there was “no evidence of any supply-chain interference”, cybersecurity firm SentinelOne suggested that the incident was in fact a supply-chain attack in which wiper malware was deployed against modems.

Viasat reportedly then confirmed that SentinelOne’s findings were “consistent with the facts in our report”.

Russian cyber-war

Although Russian-backed cybercrime groups have apparently been less active since war broke out in Ukraine than many experts predicted, Microsoft last month claimed that at least six Russian nation-state actors had launched damaging cyber-attacks against the country since the invasion began.

As reported by The Daily Swig, Microsoft researchers tracked at least 237 “cyber operations” originating from Russia that “have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership”.

Kremlin-backed groups were also suspected of being involved in another assault on telecoms infrastructure on March 28, when the networks of a Ukrainian internet service provider (ISP) that supplies the country’s military were taken offline.


This article was updated on May 11 to reflect the fact that, according to Viasat, this incident involved a denial-of-service attack not, as we originally stated, a distributed denial-of-service attack. We also added claims about wiper malware being deployed.


RELATED Microsoft report unmasks at least six Russian actors responsible for cyber-attacks against Ukraine