AcidRain Attack on the Viasat Network

On February 24, 2022, just hours before the Russian invasion of Ukraine, thousands of ground-based network modems on the Viasat network unexpectedly went offline. In the coming days, network administrators got to the bottom of what had happened with help from the American National Security Agency and researchers from SentinelOne. A form of malware, called “AcidRain” was used to disable the modems after cyber attackers were able to enter a high-level part of the Viasat network through a poorly configured VPN. Commands were issued on the network to wipe the flash memory of the modems. Although the damage done to the modems could be reversed through software, the attack still had significant impacts on Ukraine’s ability to communicate, as well as other parts of Europe. Viasat satellites and other parts of the ground infrastructure were not affected by the attack. Investigation shows that the attack was of Russian origin.

How does this relate to space systems cybersecurity? The attack shows that space-based satellite networks are not only vulnerable via attacks to the spacecraft themselves. The overall mission and abilities of the satellite network can be disrupted by attacking related support networks on the ground which can be easier to access.

Information retrieved from the following: