More than 22,000 miles above Earth, the KA-SAT is locked in orbit. Traveling at 7,000 miles per hour, in sync with the planet’s rotation, the satellite beams high-speed internet down to people across Europe. Since 2011, it has helped homeowners, businesses, and militaries get online. However, as Russian troops moved into Ukraine during the early hours of February 24, satellite internet connections were disrupted. A mysterious cyberattack against the satellite’s ground infrastructure—not the satellite itself—plunged tens of thousands of people into internet darkness.
Among them were parts of Ukraine’s defenses. “It was a really huge loss in communications in the very beginning of war,” Viktor Zhora, a senior official at Ukraine’s cybersecurity agency, the State Services for Special Communication and Information Protection (SSSCIP), reportedly said two weeks later. He did not provide any more details, and SSSCIP did not respond to WIRED’s request for comment. But the attack against the satellite internet system, owned by US company Viasat since last year, had even wider ramifications. People using satellite internet connections were knocked offline all across Europe, from Poland to France.
Almost a month after the attack, the disruptions continue. Thousands still remain offline in Europe—around 2,000 wind turbines are still disconnected in Germany—and companies are racing to replace broken modems or fix connections with updates. Multiple intelligence agencies, including those in the US and Europe, are also investigating the attack. The Viasat hack is arguably the largest publicly known cyberattack to take place since Russia invaded Ukraine, and it stands out for its impact beyond Ukraine’s borders. But questions about the details of the attack, its purpose, and who carried it out remain—although experts have their suspicions.
Satellite internet connections are often used in areas with low cable coverage, and they are used by everyday citizens as well as official organizations. The setup is different from your typical home or office Wi-Fi network, which mostly relies on wired broadband connections. “Satellite communications are composed of three main components,” says Laetitia Cesari Zarkan, a consultant at the United Nations Institute for Disarmament Research and a doctoral student at the University of Luxembourg. First, there is the spacecraft that’s in orbit, which is used to send “spot beams” back to Earth; these beams provide internet coverage to specific areas on the ground. These beams are then picked up by satellite dishes on the ground. The dishes can be attached to the sides of buildings, or to planes to power in-flight Wi-Fi. And finally there are ground networks, which communicate with and can configure people’s systems. “The ground network is a collection of earth stations connected to the internet by fiber-optic cables,” Zarkan says.
Aside from Zhora’s comment, the Ukrainian government has remained tight-lipped about the attack. However, satellite communications, also known as satcom, appear to be frequently used in the country. Ukraine has the world’s most transparent system for tracking government spending, and multiple government contracts show that the SSSCIP and police have purchased the technology. For instance, during Ukraine’s 2012 elections, more than 12,000 satellite internet connection points were used to monitor voting, official documents spotted by European cybersecurity firm SEKOIA.IO show.
“To disrupt satellite communications, most people—myself included—would look at the signal in space, because it’s exposed,” says Peter Lemme, an aviation specialist who also writes about satellite communications. “You can transmit signals toward the satellite that would effectively jam its ability to receive signals from legitimate modems.” Elon Musk has claimed that Starlink satellite systems he sent to Ukraine have faced jamming attacks.