US And Allied Intelligence Service Accuses Russia Of Hacking Europe's Internet Network During Invasion Of Ukraine

JAKARTA - Western intelligence agencies are investigating a cyber-attack by unknown hackers who disrupted broadband satellite internet access in Ukraine. According to three sources with direct knowledge of the incident, this hack occurred to coincide with the Russian invasion, February 24.

Analysts for the US National Security Agency, French government cybersecurity organization ANSSI and Ukrainian intelligence are still investigating whether the remote sabotage of the satellite internet provider's services was the work of Russian-backed hackers, who prepared the battlefield by trying to cut off Ukrainian communications.

The digital attack on the satellite service began on February 24 between 05:00 and 09:00 local time, just as Russian troops started to enter and fire missiles and attack major Ukrainian cities, including the capital, Kyiv.

According to an official with US telecommunications company Viasat, whose internet network was also affected, satellite modems belonging to tens of thousands of customers in Europe were also turned off by the attack. Other consequences are still being investigated.

The hackers disabled a modem that communicated with Viasat Inc's KA-SAT satellite, which supplies internet access to some customers in Europe, including Ukraine. More than two weeks later some networks remain offline, a Viasat source told Reuters.

The incident, which appears to be one of the most significant and publicly disclosed cyberattacks of wartime, has attracted the interest of Western intelligence because Viasat acts as a defense contractor for the United States and its many allies.

Government contracts reviewed by Reuters show that KA-SAT has provided internet connectivity to Ukrainian military and police units.

Pablo Breuer, a former technologist for the US special operations command, or SOCOM, said turning off satellite internet connectivity could hamper Ukraine's ability to fight Russian forces.

“Traditional land radio only goes so far. If you're using modern smart systems, smart weapons, trying to maneuver combined weapons, then you have to rely on these satellites," Breuer said.

The Russian Embassy in Washington did not immediately comment on the allegations. Moscow has repeatedly denied accusations that it participated in the cyber-attack.

Russian troops have surrounded Ukrainian cities in what the Kremlin has described as a "de-Nazification" operation. The operation has been denounced by the West as an unprovoked attack. The attack led to heavy sanctions against Moscow in retaliation.

Viasat said in a statement that the disruption for customers in Ukraine and elsewhere was triggered by "deliberate, isolated and external cyber events" but had not provided a detailed public explanation of what happened.

"The network is stable and we are restoring service and activating the terminal as quickly as possible," Viasat spokesman Chris Phillips said in an email. He added that the company was prioritizing "critical infrastructure and humanitarian assistance."

The affected modems appear to be completely out of service, according to Jaroslav Stritecky, who runs Czech telecommunications company INTV. Normally, he said, the four status lights on a curved SurfBeam 2 modem would indicate whether they were connected to the internet. After the attack, the lights on the Viasat-made device didn't turn on at all.

Viasat officials said a misconfiguration in the "management section" of the satellite network had allowed hackers to access modems remotely and took them offline. He said most of the affected devices needed to be reprogrammed either by onsite technicians or at the repair depot and some equipment had to be replaced.

Viasat officials did not explain explicitly what the network's "management department" was referring to and declined to provide further details. KA-SAT and associated ground stations, which Viasat bought last year from European company Eutelsat, are still operated by a subsidiary of Eutelsat.

Viasat has hired US cybersecurity firm Mandiant, which specializes in tracking state-sponsored hackers. They are assigned to investigate the intrusion. But spokeswomen for the NSA, ANSSI and Mandiant declined to comment on the matter.

Viasat said government clients who get services directly from the company were not affected by the disruption. However, the KA-SAT network is operated by a third party, which in turn provides services through various distributors.

Over the past few years, the Ukrainian military and security services have purchased several different communication systems that run through the Viasat network, according to contracts posted on ProZorro, Ukraine's transparency platform. But the Ukrainian military did not immediately comment on the matter.

Some internet distributors are also still waiting to replace their compromised devices.

Stritecky, the Czech telecommunications executive, said he did not blame Viasat for the incident.

He remembers starting work the morning of the invasion and seeing monitors showing regional satellite coverage in the Czech Republic, neighboring Slovakia, and Ukraine all in red. "It was immediately clear what happened," he said.