The U.S. government has issued a cybersecurity alert warning of “possible threats” to satellite communication networks and the country’s critical infrastructure. Concerned that recent attacks on European satellite networks could spread to the United States, a joint advisory published last week by the FBI and the Cybersecurity and Infrastructure Security Agency cited CISA’s “Shield’s Up” initiative, which warns that Russia’s invasion of Ukraine could trigger homeland attacks. The alert requests “all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity.”

The February cyberattack on Europe’s Viasat network provider knocked-out tens of thousands of customers, including Ukraine’s military.

Mitigations for satellite communications (SATCOM) network providers and customers are included in the alert. “It has been acknowledged by one of the representatives of the Ukrainian army that it was a huge loss for them in terms of communications, so obviously that’s one of the most significant sectors that are affected right now,” SATCOM cybersecurity expert Ruben Santamarta told TechCrunch.

SATCOM links are used “in a wide number of industries, including aviation, government, the media and the military, as well as gas facilities and electricity service stations that are located in remote places,” TechCrunch writes.

The alert came just days after allied intelligence agencies appear to have launched an investigation into the Viasat KA-SAT cyberattack at the outset of Russia’s invasion of Ukraine. “The outage, which has not yet been fully resolved, affected satellite Internet services for tens of thousands of customers in Ukraine and elsewhere in Europe, and disconnected roughly 5,800 wind turbines in Germany,” according to TechCrunch.

The attack was originally thought to be a distributed denial-of-service (DDoS) attack, but later considered more likely to be an intrusion that took advantage of a misconfiguration at the network management level that permitted unauthorized remote modem access. According to TechCrunch, “this suggests that the attackers likely deployed a malicious firmware update to the terminals.”

Per the alert, companies are advised to monitor network logs for suspicious activity and unauthorized or unusual login attempts, and urged to add extra monitoring at ingress and egress points to SATCOM equipment checking for the presence of insecure remote access tools, such as Teletype Network Protocol (Telnet), File Transfer Protocol (FTP), Secure Shell Protocol (SSH), Secure Copy Protocol (SCP), and Virtual Network Computing (VNC).

According to Nextgov, an Office of the Director of National Intelligence report indicates Russia might be in a position to attack U.S. satellites.

“Russia will remain a key space competitor, maintaining a large network of reconnaissance, communications and navigation satellites,” Nextgov quoted the IC’s report, adding that “Moscow will focus on integrating space services — such as communications; positioning, navigation, and timing; geolocation; and intelligence, surveillance, and reconnaissance — into its weapons and command-and-control systems, allowing Moscow to more quickly identify, track and target U.S. satellites during a conflict.”

Related:
White House Warns of Possible Russian Cyberstrike on U.S. Critical Infrastructure, Ars Technica, 3/21/22