Skip to content

Major Cyber Incident: KA-SAT 9A

Other incident names: Viasat, AcidRain

About KA-SAT 9A

The GEO satellite broadband services of the US communications company Viasat (KA-SAT 9A network) were disrupted in parts of Europe when the Russian military offensive against Ukraine commenced in February 2022. While the attack caused widespread disruptions to Ukrainian satellite-based communications in the early hours of the Russian invasion on 24 February 2022, it also affected the KA-SAT networks in large parts of Western Europe. The threat intelligence company SentinelOne found some “non-trivial developmental similarities” between components of AcidRain and the VPNFilter malware. This malware is widely acknowledged as being deployed by the Russian APT Sandworm, which is affiliated with the Russian military intelligence agency GRU; however, SentinelOne refrained from explicitly attributing AcidRain to Sandworm. On a political level, several governments supported the generic attribution of the KA-SAT hack to Russia, referring to US and UK intelligence findings published on 10 May 2023. So far, the Viasat incident is widely viewed as the most disruptive cyber operation of the Russian war against Ukraine, although it is understood to have had a limited impact on the conventional military campaign.

Timeframe

24 February to 15 March 2022

Incident Type

Wiper: Disruption, Hijacking with Misuse

Initiator

Russian Military Intelligence: GRU (likely Sandworm)

Affected Target

Telecommunications infrastructure (Satellite Internet) in Ukraine and wide swaths of Europe

More Major Cyber Incidents (MaCIs)

  • Research and Analysis
Major Cyber Incident: SolarWinds

26 September 2024
In this detailed analysis, Linda Liang and Mika Kerttunen discuss the hack on SolarWinds, a costly supply chain attack by a Russian state-integrated hacking group which led to dozens of entities being compromised worldwide.
Major Cyber Incident: BAPCO

15 February 2023
In this detailed analysis, Mika Kerttunen and Linda Liang discuss the attack on Bahraini oil company BAPCO by Iranian state-backed hackers.

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.