This advisory comes amid an investigation spearheaded by investigation teams from the US and Europe regarding service outages at Viasat internet service.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have collectively issued an advisory, warning satellite communications network (SATCOM) providers to augment security.

Possible Threats to SATCOM Services

According to the FBI and CISA’s joint advisory released this week, the US and international SATCOM networks could be a target of “possible threats”. If exploited successfully, these networks can intensify the risks for SATCOM network customer environments.

The agency also included mitigation strategies that SATCOM operators and their clients can adopt to prevent intrusion.

Viasat Network Blocked in Ukraine

This advisory comes amid an investigation spearheaded by investigation teams from the US and Europe regarding service outages at Viasat internet service. This service is offered to fixed broadband customers in Ukraine and other countries under the European KA-SAT satellite network.

The outage occurred on February 28th, 2022, soon after Russia invaded Ukraine, and the same day, Enercon, a Germany-based energy firm, reported that a satellite outage disrupted remote communications to over 5,800 wind turbines.

On March 11th, Reuters reported that the NSA (National Security Agency), ANSSI (French cybersecurity wing), and intelligence services from Ukraine were investigating the service outage at Viasat’s broadband satellite access.

The NSA stated that a “potential cyberattack” disconnected thousands of small-aperture terminals. These terminals receive data to-and-from a satellite network.

  1. Satellite Internet connections can easily be intercepted by hackers
  2. Elon Musk warns of possible targeted attacks on Starlink in Ukraine
  3. Kaspersky Claims Russian Government Hacking Groups Hacked Satellites

According to Viasat, a partial outage was caused to its broadband satellite access. It seems to be a “deliberate, isolated, and external cyber event,” which the company has addressed, and the network is stable now. However, 18 days after the outage occurred, Netblocks reported Netblocks that Viasat’s KA-SAT network was still affected.

Cybercriminals Looking to Target SATCOM Network Providers- CISA, FBI
NetBlocks is a watchdog organization that monitors cybersecurity and cyberattacks related events globally also confirmed the attack.

CISA Recommends

It is worth noting that in February 2022, CISA launched the “Shields Up” initiative. Under this initiative, the agencies urge SATCOM operators and their customers to “lower their threshold” significantly regarding reporting/sharing signs of malicious cyber activity.

The agencies are concerned that sanctions against Russia have increased the risk of cyberattacks on critical infrastructure and organizations in the US. 

Therefore, agencies recommend that SATCOM operators review their communications’ security to-and-from end-user terminals and check the February report from the Office of the Director of National Intelligence providing details on Russia’s anti-satellite technologies. This includes directed energy weapons to jam civilian and military satellite GPS along with communication services.

Furthermore, CISA recommends that SATCOM operators use secure authentication methods like MFA for all accounts used to administer, access, or manage networks.

Posted by Charlie