Viasat Hack "Did Not" Have Huge Impact on Ukrainian Military Communications, Official Says
Contrary to initial reports that it resulted in a "really huge loss in communications in the very beginning of war," the hack did not have a huge impact on ability to coordinate military operations.
In the early weeks of the war in Ukraine, the public learned about a hack that targeted modems used for Viasat internet connectivity on the day the invasion began in February.
The hack occurred on Feb. 24 between 5am and 9 am, around the same time that Russian forces began their onslaught of Ukraine with missiles, and Russian troops began moving into the country.
The hack affected satellite modems belonging to tens of thousands of Viasat customers in Ukraine and elsewhere in Europe, knocking those customers offline. It also affected modems used in Germany to communicate remotely with about 6,000 wind turbines — the turbines continued to work, just remote connectivity to them was lost. And after reports revealed that Ukraine’s military uses satellite communications, experts indicated this could have been Russia’s primary target and that the loss of satellite communications would have had a significant impact on Ukraine’s military.
Pablo Breuer, a former technologist for U.S. special operations command, told Reuters that knocking out satellite internet connectivity could handicap Ukraine’s ability to combat Russian forces.
"Traditional land-based radios only reach so far. If you’re using modern smart systems, smart weapons, trying to do combined arms maneuvers, then you must rely on these satellites," he said.
During a press conference in early March, Victor Zhora, deputy chairman and chief digital transformation officer at the State Service of Special Communications and Information Protection in Ukraine, seemed to confirm this when he told reporters that the hack resulted in a “really huge loss in communications in the very beginning of war.”
This quote has been repeated in numerous media outlets, on Twitter and at conferences where cyberattacks against Ukraine have been discussed in detail. It’s now assumed that the attack had a significant impact on Ukraine’s military communications.
The quote by media outlets was accurate — I was on the press call with Zhora, and reporters quoted him correctly at the time. When journalists asked him to elaborate, he said he was unable to do so.
As a result, reporters automatically assumed that what he meant was that the attack affected the Ukrainian military’s ability to communicate and coordinate operations during that critical period at the start of the war.
It turns out that this was a misunderstanding. I spoke with Zhora recently and asked him about the impact of the Viasat hack on Ukrainian military communications, and he said it would have had an impact if the military’s primary form of communication was via satellite communications. But this was not the case. It was just a backup method to communicate. In reality, the military relies on land lines as its primary form of communication, and as long as those remained intact the military was able to communicate and coordinate just fine. Here’s a transcript of our interview about it, which hopefully can help inform further discussion about this issue:
Zero Day: You had said that the Viasat hack had a significant impact on military communications in Ukraine. The quote in media reports was a “huge loss in communications in the very beginning of war.” How long did that impact last?
Victor Zhora: No, opposite. I was saying that that didn’t have significant impact.
ZD: But all journalists have quoted you saying…
VZ: Yes, I remember our [press conference]. There was loss of communication, but I mean the absence of backup service. But the prime service or services [for communication], they remained operating.
ZD: You’re saying that the Viasat hack did not have a significant impact on Ukrainian military communications.
VZ: Understanding that communications remained…. It had a serious impact on [the] satellite component of communications. But this is not the primary way of communications in armed forces. Land lines are the priority. And in case land lines were destroyed, that could be a serious issue in the first hours of war.
ZD: So just to be clear, you’re saying it was a significant impact on satellite communications, but satellite communications wasn’t the primary method of communications. So are you saying then that it did not have a significant impact on military communications overall because it was just a backup method of communicating?
VZ: I said that it had an impact… the attack resulted in outage of this service. But since it was not the only service, it didn’t impact the process of coordination between forces and between state leaders and forces….There was impact. But this impact didn’t lead to the absence of communication and, correspondingly, to the absence of coordination between forces.
This doesn’t mean that Ukrainian military communications haven’t been impacted during the conflict. The Washington Post reported last month that Russia has, at times, “completely jammed the Ukrainians’ communications and satellite networks” leaving leaders “without a link to front-line soldiers,” forcing Ukrainian commanders to move “around to their troops’ positions to communicate and issue orders.”
“Military communications were completely paralyzed,” Colonel Leonid Khoda, commander of Ukraine’s 1st Tank Brigade, told the Post.
But the story notes that this was caused by jamming communications signals; it doesn’t mention the Viasat hack.
Update 3:30 pm PST: I’ve had some push back on this story from people who are saying that 1) Zhora is contradicting himself and walking back from what he said previously, and 2) there’s no way he can say it didn’t have a huge impact since the Ukrainian military would have relied on satellite communications once radio signals were jammed. Land lines can’t reach soldiers on the front lines, and the only alternative would have been cell phone communication, which isn’t secure, or satellite communication. If Ukraine was relying on satellite communication as a backup, then the Viasat hack would have had an impact they say.
With regard to the first point, it’s not clear Zhora is walking back his previous statement because his original statement wasn’t specifically about the impact on the Ukrainian military. I went back to my recording of the press conference and here’s what he said in response to a question from a reporter for Le Monde.
Le Monde: There have been reports on the [Viasat] incident originating in Ukraine before spreading elsewhere, especially because Ukrainian [garbled word] use satellites in some of its comms. Do you have any details on that?
VZ: I will not disclose a lot of detail on this case, but it was a really huge loss in communications in the very beginning of war and that’s continual of Russian methology [sic] to attack communication lines. That’s probably all that I can say on this particular case.
So it’s not clear that Zhora was ever specifically referring to a “huge loss” for military communications.
With regard to the second point, Zhora says he stands by the statements he made to me in this story. In addition, someone who worked with the Ukrainian military in recent years says that the military didn’t have sufficient distribution of Viasat equipment to cause a huge impact when Viasat was targeted. He also points out that mobile communications never went down, and the Ukrainian military had been working on rolling out secure messaging applications for mobile phones a few years ago.
Related:
Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid
The Ukrainian Power Grid Was Hacked Again
What We Know and Don’t Know about the Cyberattacks Against Ukraine
Dozens of Computers in Ukraine Wiped with Destructive Malware in Coordinated Attack
Hackers Were in Ukraine Systems Months Before Deploying Wiper
Wiper in Ukraine Repurposed from WhiteBlackCrypt Ransomware
If you like this story, feel free to share with others.
If you’d like to receive future articles directly to your email in-box, you can also subscribe for free or, if you wish to support my work, become a paid subscriber.