{"id":2631,"date":"2023-12-12T23:22:13","date_gmt":"2023-12-12T22:22:13","guid":{"rendered":"https:\/\/www.spacesecurity.info\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/"},"modified":"2023-12-13T22:42:18","modified_gmt":"2023-12-13T21:42:18","slug":"space-cyber-attack-post-mortem-a-viasat-attack-investigation","status":"publish","type":"post","link":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/","title":{"rendered":"Viasat Attack: A Space Cyber Attack Post Mortem Investigation"},"content":{"rendered":"<h2>Introduction<\/h2>\n<p>In this paper, I choose to investigate the Viasat cyber attack that occurred on 24 February, 2022. First, I will summarize the chronology of events (Chapter 1). Then, I will try to critique the organization\u2019s response to the cyber attack (Chapter 2). After that, I will suggest additional steps that could have been taken to further mitigate the impact moving forward (Chapter 3). Finally, I will think about what the attacked organization could have done beforehand to prevent the attack (Chapter 4).<\/p>\n<h2>Disclaimer, details and references<\/h2>\n<p>To do this analysis of the Viasat cyber attack, I used 3 articles, documents or papers detailed below:<\/p>\n<ul>\n<li>[1] <a href=\"https:\/\/www.researchgate.net\/publication\/363558808_Space_Cybersecurity_Lessons_Learned_from_The_ViaSat_Cyberattack\">Space Cybersecurity Lessons Learned from The ViaSat Cyberattack<\/a> from Nicol\u00f2 Boschetti (Cornell University), Nathaniel Gordon (Johns Hopkins University) and Gregory Falco (Cornell University)<\/li>\n<li>[2] <a href=\"https:\/\/news.viasat.com\/blog\/corporate\/ka-sat-network-cyber-attack-overview\">KA-SAT Network cyber attack overview<\/a> by Viasat<\/li>\n<li>[3] <a href=\"https:\/\/www.sentinelone.com\/labs\/acidrain-a-modem-wiper-rains-down-on-europe\/\">AcidRain | A Modem Wiper Rains Down on Europe<\/a> by SentineOne Team<\/li>\n<\/ul>\n<p>First, I used the open-source intelligence (1) of the team composed by Nicol\u00f2 Boschetti (Cornell University), Nathaniel Gordon (Johns Hopkins University) and Gregory Falco (Cornell University). In their open-source intelligence, they reconstructed the lifecycle of the attack. They specified that however, without first-hand knowledge of ViaSat\u2019s systems, they cannot be certain about their hypothesis.<\/p>\n<p>Viasat\u2019s statement (2) on Wednesday, March 30th, 2022 provides a somewhat plausible but incomplete description of the attack. In a statement disseminated to journalists (3), Viasat confirmed the use of the AcidRain wiper in the February 24th attack against their modems.<\/p>\n<p>At the DefCon 31, Mark Colaluca and Nick Saunders from Viasat presented a talk named <a href=\"https:\/\/youtu.be\/qI_ICtX3Gm8?si=yraxgbB6rp2TgTb2\">Defending KA-SAT<\/a>. During this talk, they argued not to believe everything that you can read on the internet. It\u2019s often simply inaccurate. They told that there is no evidence or proof of the claims. There is no evidence of any compromise or tampering with Viasat modem software or firmware images and no evidence of any supply-chain interference. Regarding, the possibility that wiper-malware was deployed and erased the hard drives of the modems, they answered that modems don\u2019t have hard drives.<\/p>\n<h2>1. Summary of chronology of events<\/h2>\n<p>The Ukrainian conflict shown the potential and temptation of targeting space assets during an armed conflict between two states. Telecommunications satellites are vital to both national security and the economy. But unfortunately, they are also increasingly vulnerable to cyber-attacks and increasingly targeted by malicious actors.<\/p>\n<p>Regarding the Ukrainian conflict, one example is the cyber-attack on the Viasat satellite company.<\/p>\n<p>The Viasat attack was a cyberattack on American communications company Viasat affecting their KA-SAT network, on 24 February, 2022. Thousands of Viasat modems got hacked by a deliberate cyber event. Thousands of customers in Europe, especially in Ukraine, have been without internet for a month since.<\/p>\n<p>Viasat is an American communications company based in Carlsbad, California, with additional operations across the United States and worldwide. Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets.<\/p>\n<p>This attack began approximately one hour before Russia launched its major invasion of Ukraine. UK and US intelligence assesses that Russia was almost certainly responsible for the attack.<\/p>\n<p>According to Viasat, the attacker used a poorly configured virtual private network appliance to gain access via internet to the trusted management part of the KA-SAT network.<\/p>\n<p>The vulnerability used by the attackers is CVE-2018-13379, corresponding to a vulnerability in the Fortinet firewall discovered in 2019.<\/p>\n<p>Once on the trusted management segment of the KA-SAT network, the attackers issued commands to select specific beam spots and then signal to the modems.<\/p>\n<p>They overwrote part of the flash memory in modems, making them unable to access the network, but not permanently damaged. The satellite itself and its ground infrastructure were not directly affected.<\/p>\n<p>With their open-source intelligence, the team [1] (Nicol\u00f2 Boschetti, Nathaniel Gordon and Gregory Falco) schematized the entire attack lifecycle in the diagram below.<\/p>\n<figure id=\"attachment_2439\" aria-describedby=\"caption-attachment-2439\" style=\"width: 818px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/09\/Viasat-Attack-Life-cycle.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2439 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/09\/Viasat-Attack-Life-cycle.jpg\" alt=\"\" width=\"818\" height=\"854\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/09\/Viasat-Attack-Life-cycle.jpg 818w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/09\/Viasat-Attack-Life-cycle-287x300.jpg 287w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/09\/Viasat-Attack-Life-cycle-768x802.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/09\/Viasat-Attack-Life-cycle-696x727.jpg 696w\" sizes=\"auto, (max-width: 818px) 100vw, 818px\" \/><\/a><figcaption id=\"caption-attachment-2439\" class=\"wp-caption-text\">Figure 1 : The anatomy of the ViaSat attack broken into seven levels of escalation. From : Nicol\u00f2 Boschetti (Cornell University) and Gregory Falco (Cornell University) \u2013 2022<\/figcaption><\/figure>\n<h2>2. Criticism of the organization\u2019s response to the cyber attack<\/h2>\n<p>ViaSat seems to be a company with dual-use satellites &#8211; satellites that can serve both civil and military. Presumably, Viasat was not prepared to be a military target in. I think that dual-use commercial space companies must be aware and prepared to be a military target in.<\/p>\n<p>Viasat also appears to be a geographically dispersed organization. The ground segment of Viasat is called KA-SAT Network. Launched and owned by Eutelsat, the KA-SAT network was acquired by ViaSat in 2020. During the acquisition transition period, the management of the ground segment was still in the hands of the Eutelsat subsidiary Skylogic. Each subsidiary is responsible for different elements of the KA-SAT infrastructure.<\/p>\n<p>This organizational complexity makes challenging to have homogenous security controls and the geographic dispersion of the organizations and their integration through corporate acquisition did not help with the managerial coordination of the attack response. When responding to the attack, there was an apparent lack of coordination of ViaSat, Eutelsat, and Skylogic.<\/p>\n<h2>3. Additional suggestions that could have been taken to further mitigate the impact moving forward<\/h2>\n<p>As additional steps that I can suggest is the need for an agile and software-enabled strategy to quickly respond to attacks. Indeed, the AcidRain wiper malware resulted in the development of a lot of inoperable modems. Shipping tens of thousands of modems is undoubtedly time-intensive and costly.<\/p>\n<p>Given the critical nature of the satellite communication system, it is unacceptable for such a delay. Viasat need to deploy a better agile response to attack like the possibility to deploy a software update that was developed to restore access for users.<\/p>\n<h2>4. What the attacked organization could have done beforehand to prevent the attack<\/h2>\n<p>This attack is a concrete example of malicious operations carried out by a group of adversaries during a space-cyber war.<\/p>\n<p>To combat cyber-attacks on space systems, states should adopt national policies to defend against threats to space-based assets and applications. This won&#8217;t prevent space-cyber hostilities, but it could provide protections against space-cyber threats.<\/p>\n<p>Verification and Validation before launch are also very important. Space systems, once launched and deployed, are subject to limitations around structural modifications. For example, Terminals, Modems or End User Equipment are not easily replaced or modified.<\/p>\n<p>Viasat should also do penetration testing in order to test robustness before deploying their equipment. They also need to ensure there equipment are hardening as the good security level.<\/p>\n<p>Viasat need to do threat modelling for Space Systems. Threat modelling plays a crucial role in risk mitigation. Threat modelling helps to identify the security requirements of a system or process and is far more cost-effective than reacting to a breach or attack<\/p>\n<p>Viasat need also to do security risk analysis. Risk analysis allows to identify risk and their likelihood and impact on a system. Risk analysis allows also to identify mitigation plan to reduce risks.<\/p>\n<p>Viasat as satellite providers must be concerned about its supply chains and vendor ecosystems. Given the critical nature of the satellite communication system, Viasat need to monitor its supply chain. Supply chain has been identify by ENISA, the European Union Agency for Cybersecurity, as the mainly attack threat vector in 2021. Viasat should engage in supply chain security best practices such as conducting extensive vendor cybersecurity evaluations.<\/p>\n<p>Finally, Viasat should establish a strong patch management program in order to maintain a regular security update.<\/p>\n<h2>Main References<\/h2>\n<ul>\n<li>[1] <a href=\"https:\/\/www.researchgate.net\/publication\/363558808_Space_Cybersecurity_Lessons_Learned_from_The_ViaSat_Cyberattack\">Space Cybersecurity Lessons Learned from The ViaSat Cyberattack<\/a> from Nicol\u00f2 Boschetti (Cornell University), Nathaniel Gordon (Johns Hopkins University) and Gregory Falco (Cornell University)<\/li>\n<li>[2] <a href=\"https:\/\/news.viasat.com\/blog\/corporate\/ka-sat-network-cyber-attack-overview\">KA-SAT Network cyber attack overview<\/a> by Viasat<\/li>\n<li>[3] <a href=\"https:\/\/www.sentinelone.com\/labs\/acidrain-a-modem-wiper-rains-down-on-europe\/\">AcidRain | A Modem Wiper Rains Down on Europe<\/a> by SentineOne Team<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Introduction In this paper, I choose to investigate the Viasat cyber attack that occurred on 24 February, 2022. First, I will summarize the chronology of events (Chapter 1). Then, I will try to critique the organization\u2019s response to the cyber attack (Chapter 2). After that, I will suggest additional steps that could have been taken [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2468,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[38,21,22,28],"tags":[],"class_list":{"0":"post-2631","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-en","8":"category-europe-en","9":"category-hacking-en","10":"category-satellite-en"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Viasat Attack: A Space Cyber Attack Post Mortem Investigation - Space &amp; Cybersecurity Info<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Viasat Attack: A Space Cyber Attack Post Mortem Investigation - Space &amp; Cybersecurity Info\" \/>\n<meta property=\"og:description\" content=\"Introduction In this paper, I choose to investigate the Viasat cyber attack that occurred on 24 February, 2022. First, I will summarize the chronology of events (Chapter 1). Then, I will try to critique the organization\u2019s response to the cyber attack (Chapter 2). After that, I will suggest additional steps that could have been taken [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/\" \/>\n<meta property=\"og:site_name\" content=\"Space &amp; Cybersecurity Info\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-12T22:22:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-13T21:42:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"921\" \/>\n\t<meta property=\"og:image:height\" content=\"756\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fran\u00e7ois Quiquet\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fran\u00e7ois Quiquet\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/\"},\"author\":{\"name\":\"Fran\u00e7ois Quiquet\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/person\\\/5e36ba49bf1d87a387c9ab60c233013c\"},\"headline\":\"Viasat Attack: A Space Cyber Attack Post Mortem Investigation\",\"datePublished\":\"2023-12-12T22:22:13+00:00\",\"dateModified\":\"2023-12-13T21:42:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/\"},\"wordCount\":1272,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/viasat-diagramme.jpg\",\"articleSection\":[\"Cyber\",\"Europe\",\"Hacking\",\"Satellite\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/\",\"name\":\"Viasat Attack: A Space Cyber Attack Post Mortem Investigation - Space &amp; Cybersecurity Info\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/viasat-diagramme.jpg\",\"datePublished\":\"2023-12-12T22:22:13+00:00\",\"dateModified\":\"2023-12-13T21:42:18+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/viasat-diagramme.jpg\",\"contentUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/viasat-diagramme.jpg\",\"width\":921,\"height\":756},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Viasat Attack: A Space Cyber Attack Post Mortem Investigation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/\",\"name\":\"Space Cybersecurity Info\",\"description\":\"La cybers\u00e9curit\u00e9 appliqu\u00e9e au domaine de l&#039;espace\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#organization\",\"name\":\"Space Security Info\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/SSI-Logo-4.jpg\",\"contentUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/SSI-Logo-4.jpg\",\"width\":594,\"height\":144,\"caption\":\"Space Security Info\"},\"image\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/person\\\/5e36ba49bf1d87a387c9ab60c233013c\",\"name\":\"Fran\u00e7ois Quiquet\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g\",\"caption\":\"Fran\u00e7ois Quiquet\"},\"description\":\"(EN) I'm a cybersecurity engineer in network, telecommunication and embedded\\\/integrated systems. Founder of the website spacesecurity.info. Passionate about cybersecurity and space, I share my two passions through this site. My goal is to federate a community around these two themes. Join my LinkedIn Group. (FR) Je suis ing\u00e9nieur cybers\u00e9curit\u00e9 en r\u00e9seau, t\u00e9l\u00e9communication et syst\u00e8mes embarqu\u00e9s et int\u00e9gr\u00e9s. Fondateur du site spacesecurity.info. Passionn\u00e9 de cybers\u00e9curit\u00e9 et du monde de l'espace, j'ai souhait\u00e9 partager mes deux passions \u00e0 travers ce site. Mon objectif est de f\u00e9d\u00e9rer une communaut\u00e9 autour de ces deux th\u00e8mes. Rejoindre mon groupe LinkedIn.\",\"sameAs\":[\"https:\\\/\\\/www.spacesecurity.info\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/francoisquiquet\\\/\"],\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/author\\\/francois\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Viasat Attack: A Space Cyber Attack Post Mortem Investigation - Space &amp; Cybersecurity Info","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/","og_locale":"en_US","og_type":"article","og_title":"Viasat Attack: A Space Cyber Attack Post Mortem Investigation - Space &amp; Cybersecurity Info","og_description":"Introduction In this paper, I choose to investigate the Viasat cyber attack that occurred on 24 February, 2022. First, I will summarize the chronology of events (Chapter 1). Then, I will try to critique the organization\u2019s response to the cyber attack (Chapter 2). After that, I will suggest additional steps that could have been taken [&hellip;]","og_url":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/","og_site_name":"Space &amp; Cybersecurity Info","article_published_time":"2023-12-12T22:22:13+00:00","article_modified_time":"2023-12-13T21:42:18+00:00","og_image":[{"width":921,"height":756,"url":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme.jpg","type":"image\/jpeg"}],"author":"Fran\u00e7ois Quiquet","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fran\u00e7ois Quiquet","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/#article","isPartOf":{"@id":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/"},"author":{"name":"Fran\u00e7ois Quiquet","@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/person\/5e36ba49bf1d87a387c9ab60c233013c"},"headline":"Viasat Attack: A Space Cyber Attack Post Mortem Investigation","datePublished":"2023-12-12T22:22:13+00:00","dateModified":"2023-12-13T21:42:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/"},"wordCount":1272,"commentCount":1,"publisher":{"@id":"https:\/\/www.spacesecurity.info\/en\/#organization"},"image":{"@id":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/#primaryimage"},"thumbnailUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme.jpg","articleSection":["Cyber","Europe","Hacking","Satellite"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/","url":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/","name":"Viasat Attack: A Space Cyber Attack Post Mortem Investigation - Space &amp; Cybersecurity Info","isPartOf":{"@id":"https:\/\/www.spacesecurity.info\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/#primaryimage"},"image":{"@id":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/#primaryimage"},"thumbnailUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme.jpg","datePublished":"2023-12-12T22:22:13+00:00","dateModified":"2023-12-13T21:42:18+00:00","breadcrumb":{"@id":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/#primaryimage","url":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme.jpg","contentUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme.jpg","width":921,"height":756},{"@type":"BreadcrumbList","@id":"https:\/\/www.spacesecurity.info\/en\/space-cyber-attack-post-mortem-a-viasat-attack-investigation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.spacesecurity.info\/en\/"},{"@type":"ListItem","position":2,"name":"Viasat Attack: A Space Cyber Attack Post Mortem Investigation"}]},{"@type":"WebSite","@id":"https:\/\/www.spacesecurity.info\/en\/#website","url":"https:\/\/www.spacesecurity.info\/en\/","name":"Space Cybersecurity Info","description":"La cybers\u00e9curit\u00e9 appliqu\u00e9e au domaine de l&#039;espace","publisher":{"@id":"https:\/\/www.spacesecurity.info\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.spacesecurity.info\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.spacesecurity.info\/en\/#organization","name":"Space Security Info","url":"https:\/\/www.spacesecurity.info\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2020\/05\/SSI-Logo-4.jpg","contentUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2020\/05\/SSI-Logo-4.jpg","width":594,"height":144,"caption":"Space Security Info"},"image":{"@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/person\/5e36ba49bf1d87a387c9ab60c233013c","name":"Fran\u00e7ois Quiquet","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g","caption":"Fran\u00e7ois Quiquet"},"description":"(EN) I'm a cybersecurity engineer in network, telecommunication and embedded\/integrated systems. Founder of the website spacesecurity.info. Passionate about cybersecurity and space, I share my two passions through this site. My goal is to federate a community around these two themes. Join my LinkedIn Group. (FR) Je suis ing\u00e9nieur cybers\u00e9curit\u00e9 en r\u00e9seau, t\u00e9l\u00e9communication et syst\u00e8mes embarqu\u00e9s et int\u00e9gr\u00e9s. Fondateur du site spacesecurity.info. Passionn\u00e9 de cybers\u00e9curit\u00e9 et du monde de l'espace, j'ai souhait\u00e9 partager mes deux passions \u00e0 travers ce site. Mon objectif est de f\u00e9d\u00e9rer une communaut\u00e9 autour de ces deux th\u00e8mes. Rejoindre mon groupe LinkedIn.","sameAs":["https:\/\/www.spacesecurity.info","https:\/\/www.linkedin.com\/in\/francoisquiquet\/"],"url":"https:\/\/www.spacesecurity.info\/en\/author\/francois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts\/2631","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/comments?post=2631"}],"version-history":[{"count":1,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts\/2631\/revisions"}],"predecessor-version":[{"id":2632,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts\/2631\/revisions\/2632"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/media\/2468"}],"wp:attachment":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/media?parent=2631"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/categories?post=2631"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/tags?post=2631"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}