Viasat shares details on KA-SAT satellite service cyberattack
The incident report for the 24 February hack of Viasat’s satellite internet service was released by Viasat. The attackers used a VPN misconfiguration to gain access to the KA-SAT network’s trusted management segment, then moved laterally and executed commands to prevent the modems from connecting to the network.
According to SentinelOne, hackers used a data wiper malware called AcidRain to accomplish this. SentinelOne found similarities between AcidRain and VPNFilter with a medium level of confidence; the FBI attributed VPNFilter to Russia in 2018.
Source: Bleeping Computer