{"id":19023,"date":"2022-05-12T06:10:12","date_gmt":"2022-05-12T14:10:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/05\/12\/news-12756\/"},"modified":"2022-05-12T06:10:12","modified_gmt":"2022-05-12T14:10:12","slug":"news-12756","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/05\/12\/news-12756\/","title":{"rendered":"Cyberattacks on SATCOM networks attributed to Russian threat actors"},"content":{"rendered":"

Credit to Author: Pieter Arntz| Date: Thu, 12 May 2022 13:22:00 +0000<\/strong><\/p>\n

The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have updated their joint cybersecurity advisory, Strengthening Cybersecurity of SATCOM Network Providers and Customers<\/a>, originally released March 17, 2022, with US government attribution to Russian state-sponsored malicious cyberactors.<\/p>\n

Critical infrastructure<\/h2>\n

When we touched on the subject a few months ago, we explained why we think satellites are critical infrastructure<\/a>. Commercial satellites provide us with the ability to establish services like Internet access, television, GPS, and scientific information about the weather and other processes in the atmosphere and on the surface.<\/p>\n

On March 17, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) published an\u00a0alert<\/a>\u00a0in conjunction with the Federal Bureau of Investigation (FBI) which warned of possible threats to US and international satellite communication (SATCOM) networks.<\/p>\n

Along with that alert came a report<\/a> that provided mitigation strategies for SATCOM providers and their customers. And, as part of CISA\u2019s Shields Up<\/a> initiative, all organizations are being asked to significantly lower their threshold for reporting and sharing indications of malicious cyberactivity.<\/p>\n

Spill over<\/h2>\n

The United States believes Russia launched cyberattacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the Russia invasion, and those actions had spillover impacts into other European countries.<\/p>\n

In the months leading up to and after Russia\u2019s invasion began, Ukraine experienced a series of disruptive cyber operations, including website defacements, distributed denial-of-service (DDoS) attacks<\/a>, and cyberattacks to delete data from computers belonging to government and private entities.<\/p>\n

For example, the United States has assessed that Russian military cyber operators have deployed multiple families of destructive wiper malware, like HermeticWiper<\/a>, on Ukrainian Government and private sector networks.<\/p>\n

Now, the US is sharing publicly its assessment that Russia launched cyberattacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries.<\/p>\n

Defense<\/h2>\n

In order to uphold the rules-based international order in cyberspace, the US and its allies and partners are taking steps to defend against Russia\u2019s actions. The US government has developed new mechanisms to help Ukraine identify cyberthreats and recover from cyberincidents.<\/p>\n

CISA has exchanged technical information on cybersecurity threats related to Russia\u2019s further invasion of Ukraine with key partners, including Ukraine.<\/p>\n

Mitigation guidance<\/h2>\n

On March 17, 2022 CISA issued an alert<\/a> providing technical details and mitigation guidance on possible threats to US and international SATCOM networks. A quick recap:<\/p>\n