SATCOM Cybersecurity Alert Issued as Authorities Probe Possible Russian Attack

CISA and FBI issue warning over SATCOM cybersecurity

The US Cybersecurity and Infrastructure Security Agency and the FBI on Thursday released a new alert to warn satellite communication (SATCOM) networks about potential cyber threats. The warning comes just as Western intelligence agencies have launched an investigation into attacks — possibly launched by Russia — against satellite internet services.

CISA and the FBI have made a series of recommendations to help SATCOM network providers and customers strengthen cybersecurity.

Network providers have been advised to implement additional monitoring capabilities for anomalous traffic related to SATCOM equipment. They have also been advised to read a recent threat assessment report from the Office of the Director of National Intelligence, which describes the threat posed by Russia to satellites, as well as Moscow’s capabilities.

The agencies have advised SATCOM network providers and customers to use secure authentication methods, enforce a principle of least privilege, review existing trust relationships with IT service providers, implement independent encryption, strengthen software and firmware security, monitor their networks for suspicious activity, and ensure that they have incident response and resilience plans in place.

“CISA and FBI strongly encourages critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity,” the agencies said.

The alert comes just days after Reuters reported that the NSA and other intelligence agencies are looking into whether Russian state-sponsored hackers are behind a recent attack on a satellite internet provider.

The cyberattack on the satellite service started on February 24, just as Russia launched its invasion of Ukraine. The attack disabled modems communicating with the Viasat KA-SAT satellite, which provides internet to customers in Ukraine and various other European countries.

Tens of thousands of customers in Europe were left without an internet connection as a result of the incident.

Viasat representatives told Reuters that the attackers leveraged a misconfiguration in the management section of the satellite network for remote access to modems. The modems stopped working and the service provider said the impacted devices would need to be reprogrammed.

One theory is that Russia may have wanted to disrupt satellite internet in an effort to help ground troops by hampering Ukraine’s combat capabilities.

Ruben Santamarta, a cybersecurity expert who has been analyzing satellite communications systems for many years, recently published a blog post providing possible technical explanations regarding how this attack was conducted.

“The attackers likely managed to compromise/spoof a Ground Station, specifically the ‘Element Management’ section (which likely is sync’ed across gateways), to issue a command by abusing a legitimate control protocol (probably TR-069) that deployed a malicious firmware update to the terminals. For instance, this could have been performed using well-known attacks involving VLANs,” Santamarta explained.

While the recent attack targeted Europe, a US official said last year that China and Russia are launching attacks on government satellites “every single day.”

Following Russia’s invasion of Ukraine, several hacktivist groups have launched attacks against Russia, and one group claimed to have hacked into the control center of the Russian space agency Roscosmos, which led to Russia allegedly losing control over their “spy satellites.” However, the same hacker group has been known to make false statements.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
