Zum Inhalt springen

Major Cyber Incident: KA-SAT 9A

Other incident names: Viasat, AcidRain

About KA-SAT 9A

The GEO satellite broadband services of the US communications company Viasat (KA-SAT 9A network) were disrupted in parts of Europe when the Russian military offensive against Ukraine commenced in February 2022. While the attack caused widespread disruptions to Ukrainian satellite-based communications in the early hours of the Russian invasion on 24 February 2022, it also affected the KA-SAT networks in large parts of Western Europe. The threat intelligence company SentinelOne found some “non-trivial developmental similarities” between components of AcidRain and the VPNFilter malware. This malware is widely acknowledged as being deployed by the Russian APT Sandworm, which is affiliated with the Russian military intelligence agency GRU; however, SentinelOne refrained from explicitly attributing AcidRain to Sandworm. On a political level, several governments supported the generic attribution of the KA-SAT hack to Russia, referring to US and UK intelligence findings published on 10 May 2023. So far, the Viasat incident is widely viewed as the most disruptive cyber operation of the Russian war against Ukraine, although it is understood to have had a limited impact on the conventional military campaign.


24 February to 15 March 2022

Incident Type

Wiper: Disruption, Hijacking with Misuse


Russian Military Intelligence: GRU (likely Sandworm)

Affected Target

Telecommunications infrastructure (Satellite Internet) in Ukraine and wide swaths of Europe

Mehr Major Cyber Incidents (MaCIs)

  • Research and Analysis
Major Cyber Incident: NotPetya22

22 März 2023
In dieser Analyse erörten Mika Kerttunen und Jonas Hemmelskamp den Angriff „NotPetya”, der der russischen APT Sandworm zugeschrieben wird und von den Vereinigten Staaten als die „zerstörerischste und kostspieligste Cyber-Attacke der Geschichte” bezeichnet wurde.
Major Cyber Incident: BAPCO

15 Februar 2023
In dieser detaillierten Analyse erörtern Mika Kerttunen und Linda Liang den Angriff auf den bahrainischen Ölkonzern BAPCO durch vom iranischen Staat unterstützte Hacker.

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.