Major Cyber Incident: KA-SAT 9A
Other incident names: Viasat, AcidRain
- 4 Oktober 2023
- Kerttunen, Mika; Schuck, Kim; Hemmelskamp, Jonas
- EN
About KA-SAT 9A
The GEO satellite broadband services of the US communications company Viasat (KA-SAT 9A network) were disrupted in parts of Europe when the Russian military offensive against Ukraine commenced in February 2022. While the attack caused widespread disruptions to Ukrainian satellite-based communications in the early hours of the Russian invasion on 24 February 2022, it also affected the KA-SAT networks in large parts of Western Europe. The threat intelligence company SentinelOne found some “non-trivial developmental similarities” between components of AcidRain and the VPNFilter malware. This malware is widely acknowledged as being deployed by the Russian APT Sandworm, which is affiliated with the Russian military intelligence agency GRU; however, SentinelOne refrained from explicitly attributing AcidRain to Sandworm. On a political level, several governments supported the generic attribution of the KA-SAT hack to Russia, referring to US and UK intelligence findings published on 10 May 2023. So far, the Viasat incident is widely viewed as the most disruptive cyber operation of the Russian war against Ukraine, although it is understood to have had a limited impact on the conventional military campaign.
Timeframe
24 February to 15 March 2022
Incident Type
Wiper: Disruption, Hijacking with Misuse
Initiator
Russian Military Intelligence: GRU (likely Sandworm)
Affected Target
Telecommunications infrastructure (Satellite Internet) in Ukraine and wide swaths of Europe
Mehr Major Cyber Incidents (MaCIs)
- Research and Analysis