In late February 2022, just hours before Russia began its invasion of Ukraine, Russia carried out a cyberattack that disrupted satellite communications in Ukraine, as determined by U.S. and European officials. The attack targeted Viasat’s KA-SAT system, which provides high-speed satellite communications to Ukraine, and resulted in thousands of Ukrainians being disconnected from the internet. The hack also disrupted Ukraine’s ability to communicate with its troops during the invasion. The effects of the cyberattack were not limited to Ukraine: it also interrupted satellite communications in the EU and affected 5,800 wind turbines in Germany. U.S. officials suspect that the GRU, Russia’s military intelligence agency, was responsible for the attack, which was accomplished by hacking and sabotaging ground-based modems, disrupting their communication with the satellites.
The attack was revealed when thousands of Viasat ground terminals were taken down through a software supply chain attack delivering a wiper malware variant. These terminals provide a connection between satellite communications and Internet-based networks. The malware, dubbed “AcidRain,” attempted to perform an in-depth wipe of several file systems, and if it was running with root privileges (the top level of system access), it also executed a broader overwrite function to delete data it could access.