A misconfigured virtual private network (VPN) appliance gave attackers access to Viasat’s trusted management network, from which they issued commands that knocked thousands of customer modems offline, the wholesale satellite provider said.
In an incident post-mortem, Viasat said the attack saw modems being disconnected from its KA-SAT network via legitimate management commands that overwrote data in the flash memory of the devices.
Although the modems can be fully restored via a factory update, Viasat and its supplier Skylogic have shipped nearly 30,000 replacement modems to distributors, as the fastest way to get them back online.
The attack took place on February 24 and was detected as high volumes of malicious traffic emanated from the company’s supplied SurfBeam2 and SurfBeam 2+ modems and other customer premises equipment located within Ukraine.
A Viasat consumer-oriented service partition, Tooway, was struck, but the company says it has not seen evidence that the destructive attack went any further than that.
The satellite provider said government users were not affected by the attack, and its network was fully stabilised within several days.
Viasat and Skylogic declined to publish further technical details such as the nature of the VPN appliance misconfiguration, citing unspecified mitigation actions taken to restore network stability and to prevent similar attacks.
Source: https://www.itnews.com.au/news/misconfigured-vpn-behind-destructive-viasat-attack-578103