WP: Russian military behind hack of satellite communication devices

Eric Kuhnke eric.kuhnke at gmail.com
Fri Mar 25 19:15:53 UTC 2022


Point to multipoint / TDMA contended access VSAT hub and CPE networks are
well known for not having much security. In many setups the remote CPE
modems, which are built from a fairly cheap BOM of hardware, implicitly
trust the hub linecard. Have seen this with 3 different vendors' platforms.

I'd be willing to bet that this was either a malicious firmware push that
was applied to the CPEs without proper authentication methods being in
place, such as CPEs being able to verify a crypto key signed firmware
signature, or a configuration file pushed to the CPEs that knocked them off
the network with incorrect RF/channel/modulation/timing parameters.

Note that the Viasat KA-SAT terminals are at the very lower end of the
market for contended access (64:1 or more) consumer/small business grade
geostationary VSAT. Which is why it sort of makes sense that a lot of them
were used for low data rate SCADA for wind farms and such.




On Thu, 24 Mar 2022 at 20:48, Sean Donelan <sean at donelan.com> wrote:

>
> Not yet official, but the U.S. intelligence community seems to continue
> its rapid release of intelligence.  I think everyone was expecting it,
> especially since Viasat executives declined to say it earlier this week at
> the SATCOM 2022 conference.
>
>
>
>
> https://www.washingtonpost.com/national-security/2022/03/24/russian-military-behind-hack-satellite-communication-devices-ukraine-wars-outset-us-officials-say/
> By Ellen Nakashima
> Today at 10:25 p.m. EDT
>
> U.S. intelligence analysts have concluded that Russian military spy
> hackers were behind a cyberattack on a satellite broadband service that
> disrupted Ukraine’s military communications at the start of the war last
> month, according to U.S. officials familiar with the matter.
>
> The U.S. government, however, has not announced its conclusion publicly.
>
> [...]
>
> The modems were part of Viasat’s European satellite network, KA-SAT. The
> company uses distributors in Europe to sell Internet service, which relies
> on modems, to customers. The company is shipping new modems to the
> distributors so they can get them to affected customers, the official
> said.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220325/af558cc5/attachment.html>


More information about the NANOG mailing list