CISA, FBI Warn US Critical Organizations of Threats to SATCOM Networks


CISA and the FBI said today they are aware of “potential threats” to satellite communications networks (SATCOM) in the US and worldwide.

Today’s security advisory also warned US critical infrastructure organizations of risks to customers of SATCOM providers following network breaches.

“Successful breaches of SATCOM networks can create risks in the customer environments of SATCOM network providers,” said CISA and the FBI.

“CISA and FBI strongly encourage critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations described in this CSA to strengthen the cybersecurity of the SATCOM network.”

While the two federal agencies advised SATCOM network providers to put additional inbound and outbound monitoring in place to detect anomalous traffic, they also shared common mitigations that both customers and carriers should implement, including:

- Use secure methods for authentication, including multi-factor authentication where possible
- Enforce the least privilege principle through authorization policies
- Verify existing trust relationships with IT service providers to remove potential attack vectors
- Implement encryption for all communications links leased from or provided by your SATCOM provider
- Ensure robust patching and system configuration audits
- Monitor logs for suspicious activity
- Ensure plans are in place for incident response, resiliency and continuity of operations

Sabotage of KA-SAT satellite network

Today’s warning comes after US satellite communications provider Viasat’s KA-SAT network – “intensively used by the Ukrainian military” – was affected by a cyber attack that subsequently led to the failure of satellite services in Central and Eastern Europe.

The outage also disconnected approximately 5,800 wind turbines in Germany and affected customers from Germany, France, Italy, Hungary, Greece and Poland.

Viasat officials told CNN that satellite modems belonging to tens of thousands of European customers, including Ukrainians, had been disabled in a “deliberate, isolated and remote cyber event,” following a cyber attack on Feb. 24, roughly around the time the Russian military invaded Ukraine.

Update: Satellite operator Viasat’s KA-SAT network in Europe remains hard-hit 18 days after it was the target of an apparent cyberattack, one of several incidents witnessed when Russia invaded Ukraine on the morning of February 24

— NetBlocks (@netblocks) March 15, 2022

The Viasat hack is also now under investigation by the US government as a possible Russian state-sponsored cyberattack, according to an NSA statement pointing to an effort between various agencies and allies (including the French ANSSI and Ukrainian intelligence) to ” the magnitude and seriousness of the incident.”

The NSA confirmed it is “aware of reports of a potential cyberattack that has disconnected thousands of very narrow-aperture terminals that receive data to and from a satellite network,” as first reported by CNN.

Victor Zhora, CDTO (Chief Digital Transformation Officer) at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, said the satellite hack “was a really huge loss of communications in the very beginning of the war.”
