{"id":3076,"date":"2025-01-13T16:36:42","date_gmt":"2025-01-13T15:36:42","guid":{"rendered":"https:\/\/www.spacesecurity.info\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/"},"modified":"2025-01-13T17:27:53","modified_gmt":"2025-01-13T16:27:53","slug":"how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding","status":"publish","type":"post","link":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/","title":{"rendered":"Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID&#8217;s Attack Flow Builder"},"content":{"rendered":"<h2>Introduction<\/h2>\n<p>In the complex landscape of modern cybersecurity, understanding the intricate mechanisms of sophisticated cyber attacks has become paramount.<\/p>\n<p>On February 24, 2022, Viasat, a global communications company, fell victim to a significant cyber attack that disrupted satellite internet services across Europe.\u00a0This incident highlighted the vulnerabilities in critical infrastructure and the need for advanced threat modeling tools.<\/p>\n<p>As part of a previous study, the work of which you can read in <a href=\"https:\/\/www.spacesecurity.info\/an-analysis-of-the-viasat-cyber-attack-with-the-mitre-attck-framework\/\">this article<\/a>,\u00a0 I did an analysis of the Viasat cyber attack with the MITRE ATT&amp;CK\u00ae framework.<\/p>\n<p>To go further, I conducted in this article, an in-depth analysis of the attack using the <a href=\"https:\/\/center-for-threat-informed-defense.github.io\/attack-flow\/ui\/\">Attack Flow Builder<\/a>, a cutting-edge tool developed by MITRE Engenuity&#8217;s Center for Threat-Informed Defense.<\/p>\n<h2>About the Viasat hack in brief<\/h2>\n<figure id=\"attachment_2470\" aria-describedby=\"caption-attachment-2470\" style=\"width: 300px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/Viasat-logo.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2470 size-medium\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/Viasat-logo-300x119.jpg\" alt=\"\" width=\"300\" height=\"119\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/Viasat-logo-300x119.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/Viasat-logo.jpg 635w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-2470\" class=\"wp-caption-text\">Viasat Logo<\/figcaption><\/figure>\n<p>The Viasat hack was a cyberattack on American communications company Viasat affecting their KA-SAT network, on 24 February, 2022.<\/p>\n<p>Thousands of Viasat modems got hacked by a \u00ab\u00a0deliberate \u2026 cyber event\u00a0\u00bb. Thousands of customers in Europe have been without internet for a month since. During the same time, remote control of 5,800 wind turbines belonging to Enercon in Central Europe was affected.<\/p>\n<p>According to Viasat, the attacker used a poorly configured virtual private network appliance to gain access to the trusted management part of the KA-SAT network. The attackers then issued commands to overwrite part of the flash memory in modems, making them unable to access the network, but not permanently damaged. The satellite itself and its ground infrastructure were not directly affected.<\/p>\n<h2>About the Attack Flow Builder Tool<\/h2>\n<figure id=\"attachment_3060\" aria-describedby=\"caption-attachment-3060\" style=\"width: 696px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Flow-builder-MITRE.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3060 size-large\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Flow-builder-MITRE-1024x763.png\" alt=\"\" width=\"696\" height=\"519\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Flow-builder-MITRE-1024x763.png 1024w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Flow-builder-MITRE-300x224.png 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Flow-builder-MITRE-768x572.png 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Flow-builder-MITRE-80x60.png 80w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Flow-builder-MITRE-696x519.png 696w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Flow-builder-MITRE-1068x796.png 1068w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Flow-builder-MITRE-265x198.png 265w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Flow-builder-MITRE.png 1353w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><\/a><figcaption id=\"caption-attachment-3060\" class=\"wp-caption-text\">Exemple of Attack Flow Builder<\/figcaption><\/figure>\n<p>The <a href=\"https:\/\/center-for-threat-informed-defense.github.io\/attack-flow\/ui\/\">Attack Flow Builder<\/a> is an online tool designed by MITRE Engenuity&#8217;s Center for Threat-Informed Defense\u00a0to visualize and analyze complex attack sequences. It allows cybersecurity professionals to model adversary behaviors, providing a comprehensive view of how attackers achieve their objectives.<\/p>\n<p>The key features of the Attack Flow Builder include:<\/p>\n<ul>\n<li>Visual representation of attack sequences<\/li>\n<li>Integration with the MITRE ATT&amp;CK framework<\/li>\n<li>Collaborative sharing capabilities<\/li>\n<li>Support for various use cases, from threat intelligence to defensive planning<\/li>\n<\/ul>\n<h2>Modeling the Viasat Attack<\/h2>\n<p>In <a href=\"https:\/\/www.spacesecurity.info\/an-analysis-of-the-viasat-cyber-attack-with-the-mitre-attck-framework\/\">my previous work<\/a>:<\/p>\n<ul>\n<li>I compared the 4 frameworks that can be used for the space sector: MITRE ATT&amp;CK, SPARTA, SPACE-SHIELD and TREKS.<\/li>\n<li>I explained why I choose the MITRE ATT&amp;CK Framework<\/li>\n<li>I identified Tactics, Techniques and Procedures (TTPs) from the MITRE ATT&amp;CK\u00ae framework that have been used by the hackers<\/li>\n<li>I mapped them on the MITRE ATT&amp;CK\u00ae Navigator in order to have the complete attack chain.<\/li>\n<\/ul>\n<figure id=\"attachment_2459\" aria-describedby=\"caption-attachment-2459\" style=\"width: 696px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/MITRE-ATTCK-viasat-attack.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2459 size-large\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/MITRE-ATTCK-viasat-attack-1024x435.jpg\" alt=\"\" width=\"696\" height=\"296\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/MITRE-ATTCK-viasat-attack-1024x435.jpg 1024w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/MITRE-ATTCK-viasat-attack-300x128.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/MITRE-ATTCK-viasat-attack-768x327.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/MITRE-ATTCK-viasat-attack-1536x653.jpg 1536w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/MITRE-ATTCK-viasat-attack-696x296.jpg 696w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/MITRE-ATTCK-viasat-attack-1068x454.jpg 1068w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/MITRE-ATTCK-viasat-attack.jpg 1879w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><\/a><figcaption id=\"caption-attachment-2459\" class=\"wp-caption-text\">Table showing all TTPs used during the Viasat Attack and mapped on the MITRE ATT&amp;CK Navigator<\/figcaption><\/figure>\n<p>Using results of this work, I created a detailed model of the Viasat cyber attack.<\/p>\n<figure id=\"attachment_2467\" aria-describedby=\"caption-attachment-2467\" style=\"width: 921px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2467 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme.jpg\" alt=\"\" width=\"921\" height=\"756\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme.jpg 921w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme-300x246.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme-768x630.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2023\/10\/viasat-diagramme-696x571.jpg 696w\" sizes=\"auto, (max-width: 921px) 100vw, 921px\" \/><\/a><figcaption id=\"caption-attachment-2467\" class=\"wp-caption-text\">Threat Model showing all TTPs used during the Viasat Attack<\/figcaption><\/figure>\n<p>I then utilized the Attack Flow Builder to deconstruct the Viasat cyber attack, meticulously tracing each stage of the intrusion. By systematically documenting the initial access vector, tracking lateral movement within the network, and visualizing the execution of the malicious firmware update, I created a detailed forensic map of the attack&#8217;s progression.<\/p>\n<h2>Results of the Modeling of the Viasat Attack with the Attack Flow Builder<\/h2>\n<p>Original file in big format can be found below<\/p>\n<figure id=\"attachment_3062\" aria-describedby=\"caption-attachment-3062\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Viasat-Attack-Flow-scaled.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3062 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Viasat-Attack-Flow-scaled.jpg\" alt=\"\" width=\"1000\" height=\"2560\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Viasat-Attack-Flow-scaled.jpg 1000w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Viasat-Attack-Flow-117x300.jpg 117w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Viasat-Attack-Flow-400x1024.jpg 400w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Viasat-Attack-Flow-768x1965.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Viasat-Attack-Flow-600x1536.jpg 600w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Viasat-Attack-Flow-800x2048.jpg 800w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Viasat-Attack-Flow-696x1781.jpg 696w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Viasat-Attack-Flow-1068x2733.jpg 1068w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/a><figcaption id=\"caption-attachment-3062\" class=\"wp-caption-text\">Viasat Attack Threat Modeling with the MITRE Attack Flow Builder<\/figcaption><\/figure>\n<h2>Downloading and sharing the project files<\/h2>\n<p>The format used for creating and editing in the Attack Flow Builder is the AFB builder\u00a0 format (.afb). The AFB file below can be used to open the project for further editing in the future.<\/p>\n<p>The machine-readable format for exchanging flows is the JSON format (.json). The JSON file below can be used for exchanging, publishing and processing Attack Flows.<\/p>\n<p>The PNG format is used to save the flow. This format is\u00a0great for visualizing, using in presentations, sharing with others, etc..<\/p>\n<ul>\n<li>Download <a href=\"https:\/\/spacesecurity.info\/wp-content\/uploads\/viasat-attack\/An%20analysis%20of%20the%20Viasat%20cyber%20attack%20with%20the%20Attack%20Flow%20Builder%20by%20MITRE%20Engenuity's%20Center%20for%20Threat-Informed%20Defense.json\">json file<\/a> of the viasat attack<\/li>\n<li>Download <a href=\"https:\/\/spacesecurity.info\/wp-content\/uploads\/viasat-attack\/An%20analysis%20of%20the%20Viasat%20cyber%20attack%20with%20the%20Attack%20Flow%20Builder%20by%20MITRE%20Engenuity's%20Center%20for%20Threat-Informed%20Defense.png\">png file<\/a>\u00a0of the viasat attack<\/li>\n<li>Download <a href=\"https:\/\/spacesecurity.info\/wp-content\/uploads\/viasat-attack\/An%20analysis%20of%20the%20Viasat%20cyber%20attack%20with%20the%20Attack%20Flow%20Builder%20by%20MITRE%20Engenuity's%20Center%20for%20Threat-Informed%20Defense.afb\">afb file<\/a>\u00a0of the viasat attack<\/li>\n<\/ul>\n<h2>Benefits of Attack Flow Modeling<\/h2>\n<p>The attack flow modeling process revealed critical insights into the attack&#8217;s methodology, exposing potential vulnerabilities and attack vectors. This approach allows a better understanding of the specific incident. This approach also provides a replicable framework for analyzing similar complex cyber incidents.<\/p>\n<h2>Impact and Perspectives<\/h2>\n<p>By demonstrating the Attack Flow Builder&#8217;s capabilities, I hope my work will contribute to the broader cybersecurity community&#8217;s understanding of threat modeling.<\/p>\n<p>I think that the Attack Flow Builder tool represents a significant step towards more proactive, intelligence-driven defensive strategies, enabling organizations to anticipate and mitigate potential cyber risks more effectively.<\/p>\n<p>My analysis not only illuminates the specifics of this particular Viasat Attack but also provides a methodology for understanding and defending against complex cyber threats in an increasingly interconnected landscape.<\/p>\n<p>In the complex landscape where cyber threats continue to evolve with increasing sophistication, a such threat modeling approach allo to develop robust and adaptive cybersecurity frameworks.<\/p>\n<p>Thank&#8217;s for the Center for Threat-Informed Defense for this very useful tool.<\/p>\n<p>The dissemination of my work aims to contribute to the advancement of security practices in the field of satellite systems.<\/p>\n<p>The objective of presenting my work also offers me the opportunity to receive constructive feedback so that I can continue in my research.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction In the complex landscape of modern cybersecurity, understanding the intricate mechanisms of sophisticated cyber attacks has become paramount. On February 24, 2022, Viasat, a global communications company, fell victim to a significant cyber attack that disrupted satellite internet services across Europe.\u00a0This incident highlighted the vulnerabilities in critical infrastructure and the need for advanced threat [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3065,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[38,21,22,26,28,19],"tags":[],"class_list":{"0":"post-3076","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-en","8":"category-europe-en","9":"category-hacking-en","10":"category-russia-en","11":"category-satellite-en","12":"category-united-states"},"a3_pvc":{"activated":false,"total_views":0,"today_views":0},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID&#039;s Attack Flow Builder - Space &amp; Cybersecurity Info<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID&#039;s Attack Flow Builder - Space &amp; Cybersecurity Info\" \/>\n<meta property=\"og:description\" content=\"Introduction In the complex landscape of modern cybersecurity, understanding the intricate mechanisms of sophisticated cyber attacks has become paramount. On February 24, 2022, Viasat, a global communications company, fell victim to a significant cyber attack that disrupted satellite internet services across Europe.\u00a0This incident highlighted the vulnerabilities in critical infrastructure and the need for advanced threat [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/\" \/>\n<meta property=\"og:site_name\" content=\"Space &amp; Cybersecurity Info\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-13T15:36:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-13T16:27:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Threat-Modeling-with-the-MITRE-Attack-Flow-Builder.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1157\" \/>\n\t<meta property=\"og:image:height\" content=\"736\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fran\u00e7ois Quiquet\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fran\u00e7ois Quiquet\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/\"},\"author\":{\"name\":\"Fran\u00e7ois Quiquet\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/person\\\/5e36ba49bf1d87a387c9ab60c233013c\"},\"headline\":\"Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID&#8217;s Attack Flow Builder\",\"datePublished\":\"2025-01-13T15:36:42+00:00\",\"dateModified\":\"2025-01-13T16:27:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/\"},\"wordCount\":915,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Attack-Threat-Modeling-with-the-MITRE-Attack-Flow-Builder.jpg\",\"articleSection\":[\"Cyber\",\"Europe\",\"Hacking\",\"Russia\",\"Satellite\",\"United-States\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/\",\"name\":\"Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID's Attack Flow Builder - Space &amp; Cybersecurity Info\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Attack-Threat-Modeling-with-the-MITRE-Attack-Flow-Builder.jpg\",\"datePublished\":\"2025-01-13T15:36:42+00:00\",\"dateModified\":\"2025-01-13T16:27:53+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Attack-Threat-Modeling-with-the-MITRE-Attack-Flow-Builder.jpg\",\"contentUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Attack-Threat-Modeling-with-the-MITRE-Attack-Flow-Builder.jpg\",\"width\":1157,\"height\":736},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID&rsquo;s Attack Flow Builder\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/\",\"name\":\"Space Cybersecurity Info\",\"description\":\"La cybers\u00e9curit\u00e9 appliqu\u00e9e au domaine de l&#039;espace\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#organization\",\"name\":\"Space Security Info\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/SSI-Logo-4.jpg\",\"contentUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/SSI-Logo-4.jpg\",\"width\":594,\"height\":144,\"caption\":\"Space Security Info\"},\"image\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/person\\\/5e36ba49bf1d87a387c9ab60c233013c\",\"name\":\"Fran\u00e7ois Quiquet\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g\",\"caption\":\"Fran\u00e7ois Quiquet\"},\"description\":\"(EN) I'm a cybersecurity engineer in network, telecommunication and embedded\\\/integrated systems. Founder of the website spacesecurity.info. Passionate about cybersecurity and space, I share my two passions through this site. My goal is to federate a community around these two themes. Join my LinkedIn Group. (FR) Je suis ing\u00e9nieur cybers\u00e9curit\u00e9 en r\u00e9seau, t\u00e9l\u00e9communication et syst\u00e8mes embarqu\u00e9s et int\u00e9gr\u00e9s. Fondateur du site spacesecurity.info. Passionn\u00e9 de cybers\u00e9curit\u00e9 et du monde de l'espace, j'ai souhait\u00e9 partager mes deux passions \u00e0 travers ce site. Mon objectif est de f\u00e9d\u00e9rer une communaut\u00e9 autour de ces deux th\u00e8mes. Rejoindre mon groupe LinkedIn.\",\"sameAs\":[\"https:\\\/\\\/www.spacesecurity.info\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/francoisquiquet\\\/\"],\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/author\\\/francois\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID's Attack Flow Builder - Space &amp; Cybersecurity Info","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/","og_locale":"en_US","og_type":"article","og_title":"Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID's Attack Flow Builder - Space &amp; Cybersecurity Info","og_description":"Introduction In the complex landscape of modern cybersecurity, understanding the intricate mechanisms of sophisticated cyber attacks has become paramount. On February 24, 2022, Viasat, a global communications company, fell victim to a significant cyber attack that disrupted satellite internet services across Europe.\u00a0This incident highlighted the vulnerabilities in critical infrastructure and the need for advanced threat [&hellip;]","og_url":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/","og_site_name":"Space &amp; Cybersecurity Info","article_published_time":"2025-01-13T15:36:42+00:00","article_modified_time":"2025-01-13T16:27:53+00:00","og_image":[{"width":1157,"height":736,"url":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Threat-Modeling-with-the-MITRE-Attack-Flow-Builder.jpg","type":"image\/jpeg"}],"author":"Fran\u00e7ois Quiquet","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fran\u00e7ois Quiquet","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/#article","isPartOf":{"@id":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/"},"author":{"name":"Fran\u00e7ois Quiquet","@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/person\/5e36ba49bf1d87a387c9ab60c233013c"},"headline":"Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID&#8217;s Attack Flow Builder","datePublished":"2025-01-13T15:36:42+00:00","dateModified":"2025-01-13T16:27:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/"},"wordCount":915,"commentCount":0,"publisher":{"@id":"https:\/\/www.spacesecurity.info\/en\/#organization"},"image":{"@id":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/#primaryimage"},"thumbnailUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Threat-Modeling-with-the-MITRE-Attack-Flow-Builder.jpg","articleSection":["Cyber","Europe","Hacking","Russia","Satellite","United-States"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/","url":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/","name":"Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID's Attack Flow Builder - Space &amp; Cybersecurity Info","isPartOf":{"@id":"https:\/\/www.spacesecurity.info\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/#primaryimage"},"image":{"@id":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/#primaryimage"},"thumbnailUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Threat-Modeling-with-the-MITRE-Attack-Flow-Builder.jpg","datePublished":"2025-01-13T15:36:42+00:00","dateModified":"2025-01-13T16:27:53+00:00","breadcrumb":{"@id":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/#primaryimage","url":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Threat-Modeling-with-the-MITRE-Attack-Flow-Builder.jpg","contentUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/01\/Attack-Threat-Modeling-with-the-MITRE-Attack-Flow-Builder.jpg","width":1157,"height":736},{"@type":"BreadcrumbList","@id":"https:\/\/www.spacesecurity.info\/en\/how-i-modeled-the-viasat-cyber-attack-to-leverage-attack-flow-builder-from-mitre-for-enhanced-threat-understanding\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.spacesecurity.info\/en\/"},{"@type":"ListItem","position":2,"name":"Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID&rsquo;s Attack Flow Builder"}]},{"@type":"WebSite","@id":"https:\/\/www.spacesecurity.info\/en\/#website","url":"https:\/\/www.spacesecurity.info\/en\/","name":"Space Cybersecurity Info","description":"La cybers\u00e9curit\u00e9 appliqu\u00e9e au domaine de l&#039;espace","publisher":{"@id":"https:\/\/www.spacesecurity.info\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.spacesecurity.info\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.spacesecurity.info\/en\/#organization","name":"Space Security Info","url":"https:\/\/www.spacesecurity.info\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2020\/05\/SSI-Logo-4.jpg","contentUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2020\/05\/SSI-Logo-4.jpg","width":594,"height":144,"caption":"Space Security Info"},"image":{"@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/person\/5e36ba49bf1d87a387c9ab60c233013c","name":"Fran\u00e7ois Quiquet","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g","caption":"Fran\u00e7ois Quiquet"},"description":"(EN) I'm a cybersecurity engineer in network, telecommunication and embedded\/integrated systems. Founder of the website spacesecurity.info. Passionate about cybersecurity and space, I share my two passions through this site. My goal is to federate a community around these two themes. Join my LinkedIn Group. (FR) Je suis ing\u00e9nieur cybers\u00e9curit\u00e9 en r\u00e9seau, t\u00e9l\u00e9communication et syst\u00e8mes embarqu\u00e9s et int\u00e9gr\u00e9s. Fondateur du site spacesecurity.info. Passionn\u00e9 de cybers\u00e9curit\u00e9 et du monde de l'espace, j'ai souhait\u00e9 partager mes deux passions \u00e0 travers ce site. Mon objectif est de f\u00e9d\u00e9rer une communaut\u00e9 autour de ces deux th\u00e8mes. Rejoindre mon groupe LinkedIn.","sameAs":["https:\/\/www.spacesecurity.info","https:\/\/www.linkedin.com\/in\/francoisquiquet\/"],"url":"https:\/\/www.spacesecurity.info\/en\/author\/francois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts\/3076","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/comments?post=3076"}],"version-history":[{"count":1,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts\/3076\/revisions"}],"predecessor-version":[{"id":3077,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts\/3076\/revisions\/3077"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/media\/3065"}],"wp:attachment":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/media?parent=3076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/categories?post=3076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/tags?post=3076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}