WP: Russian military behind hack of satellite communication devices

• Previous message (by thread): WP: Russian military behind hack of satellite communication devices
• Next message (by thread): Cogent pulled out of Russia based on risk analysis
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 25 Mar 2022, Eric Kuhnke wrote:
> I'd be willing to bet that this was either a malicious firmware push that
> was applied to the CPEs without proper authentication methods being in
> place, such as CPEs being able to verify a crypto key signed firmware
> signature, or a configuration file pushed to the CPEs that knocked them off
> the network with incorrect RF/channel/modulation/timing parameters.

https://www.airforcemag.com/hackers-attacked-satellite-terminals-through-management-network-viasat-officials-say/

“The terminal management network … that manages the KA-SAT network, and 
manages other Eutelsat networks—that network was penetrated,” said one 
Viasat official. “And from there, the hackers were able to launch an 
attack against the terminals using the normal function of the management 
plane of the network.”

[...]

The attack compromised the management plane—the part of the network that 
controls customer terminals to ensure they can communicate with the 
satellite, the Viasat officials said. The hackers had abused that 
functionality to change the software configuration on the terminals and 
render them inoperable.

But, contrary to some early reports, the attack did not brick the 
terminals. “It did not make them permanently inoperable,” said the second 
official. “Every single terminal that was knocked off the air can be 
brought back with a software update.” Although the network is generally 
capable of updating terminals over the air, by downloading new software 
via the satellite link, many of the terminals attacked cannot be brought 
back online by the customer, and so can’t get the required update over the 
air. Those will have to be updated by tech support staff, the first 
official said.

[...]
Despite this, Viasat was now bringing “thousands of terminals back online 
per day, and will have the network completely restocked and back to full 
capacity within a few weeks,” the first official said.

[...]
Editor’s Note: This story was updated at 3:15 p.m. on March 25 to correct 
some technical issues with how the KA-SAT network and other assets were 
described

• Previous message (by thread): WP: Russian military behind hack of satellite communication devices
• Next message (by thread): Cogent pulled out of Russia based on risk analysis
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]