Point to multipoint / TDMA contended access VSAT hub and CPE networks are well known for not having much security. In many setups the remote CPE modems, which are built from a fairly cheap BOM of hardware, implicitly trust the hub linecard. Have seen this with 3 different vendors' platforms.
I'd be willing to bet that this was either a malicious firmware push that was applied to the CPEs without proper authentication methods being in place, such as CPEs being able to verify a crypto key signed firmware signature, or a configuration file pushed to the CPEs that knocked them off the network with incorrect RF/channel/modulation/timing parameters. Note that the Viasat KA-SAT terminals are at the very lower end of the market for contended access (64:1 or more) consumer/small business grade geostationary VSAT. Which is why it sort of makes sense that a lot of them were used for low data rate SCADA for wind farms and such. On Thu, 24 Mar 2022 at 20:48, Sean Donelan <[email protected]> wrote: > > Not yet official, but the U.S. intelligence community seems to continue > its rapid release of intelligence. I think everyone was expecting it, > especially since Viasat executives declined to say it earlier this week at > the SATCOM 2022 conference. > > > > > https://www.washingtonpost.com/national-security/2022/03/24/russian-military-behind-hack-satellite-communication-devices-ukraine-wars-outset-us-officials-say/ > By Ellen Nakashima > Today at 10:25 p.m. EDT > > U.S. intelligence analysts have concluded that Russian military spy > hackers were behind a cyberattack on a satellite broadband service that > disrupted Ukraine’s military communications at the start of the war last > month, according to U.S. officials familiar with the matter. > > The U.S. government, however, has not announced its conclusion publicly. > > [...] > > The modems were part of Viasat’s European satellite network, KA-SAT. The > company uses distributors in Europe to sell Internet service, which relies > on modems, to customers. The company is shipping new modems to the > distributors so they can get them to affected customers, the official > said. >
