The operator Viasat has finally published its incident report on the cyber attack which bricked several thousand modems in Europe on February 24, the first day of the Russian offensive in Ukraine.
As a reminder, approximately 10,000 users who use the KA-SAT satellite to connect to the Internet are concerned in France.
How were modems reached?
The investigation determined that the attackers exploited a flaw in a VPN gateway to gain remote access to the network management center. They then used it to run commands on a large number of home modems.
“Specifically, these destructive commands overwrote key data in the modems’ flash memory, rendering the modems unable to access the network, but not permanently unusable”can we read in the report.
A kind of update firmware which turns into a disaster. Viasat describes this incident as“targeted denial of service attack”.
Who was affected?
Only the part of the network dedicated to the general European public has been reached. This segment is operated on behalf of Viasat by a subsidiary of Eutelsat, Skylogic. The affected residential broadband modems used the Tooway service mark. This cyberattack did not impact other users such as government actors, nor in other parts of the world.
Also see video:
Is the material reusable?
Viasat has analyzed copies of the affected modems and found no anomalies with the electrical, physical or electronic components of the modem, nor any corruption of the Viasat modem software or firmware images.
“Modems can be fully restored via factory reset”says the operator.
Some end customer modems may have been updated. An operation which unfortunately proved to be insufficient in many cases. New modems are then provided to restore service. Viasat says it has already shipped 30,000 new replacement boxes and is ready to continue if needed. But he is not in direct contact with customers.
The operator says it continues to investigate alongside Mandiant, a cybersecurity expert, recently acquired by Google. Eutelsat/Skylogic, as well as US and international government agencies are also still involved in these investigations.
Source: viasat