Hi Guys,

On the 24th of February, when Russia started its full-scale attack on Ukraine, tens of thousands of Satcom terminals suddenly stopped working in several European countries, mainly in Ukraine. From what we can tell, all of these devices were directly targeted in a full-scale cyber-attack, and they were all taken out with ease.

Firstly, what is a Satcom terminal?

Satcom stands for satellite communications, so a Satcom terminal is a device used for satellite communications. They can be used for anything from emergency communications that let you talk when the phone networks are down to accessing the Internet. Armies use them all the time to communicate in war zones.

According to Thales, one of the largest defense contractors in the world:

“Communication satellite allows military units to plan and coordinate their infantry and units in the field. They provide tactical communication on the move and are easily integrated on vehicles, naval vessels, and aircraft.”

So what happened?

  • On the 24th of February, tens of thousands of Satcom terminals stopped working, which essentially cut off the ability of owners of the affected equipment to communicate with each other by satellite. On the same day as the physical attack on Ukraine, a massive part of the communications network was taken offline, killing satellite communications in the targeted area.
  • In this video (in French with English subtitles), you can watch a press conference where Commander General Michel Friedling confirms that this was the direct result of a cyber attack. Click HERE
  • The scariest part is this sentence: “the terminals have been damaged, made inoperable and probably cannot be repaired”. What happened here reminds me of the Stuxnet virus from years ago that successfully destroyed dozens of Iranian centrifuges critical to the uranium enrichment process. This virus set Iran’s nuclear capability back many years. Nobody knows who was behind Stuxnet, but we know the government made it. Stuxnet making its way into a nuclear facility is straight out of a James Bond film, and this one in Ukraine is pretty close as well.
  • You might think that an attack on this scale was the result of a DDoS (distributed denial-of-service) attack, where thousands or millions of devices in a botnet, for example, flood the target devices with requests until they stop working under the pressure of all the demands, but it was not a DDoS attack. A DDoS attack would not physically destroy the targeted devices. The attack was more than two weeks ago, and many terminals are still offline.
  • It looks like the attackers used a zero-day vulnerability in the Satcom device management system that could render the device useless and then somehow (we have some theories!) sent a remote kill command to devices in a specific geographic area (Ukraine). The devices hit in other nearby European countries look like collateral damage.

My concern is this: if these military devices can be attacked and destroyed on a large scale, how vulnerable are the other systems that we laypeople use, such as phone networks, utility companies, banks, or even the Internet? A man in France last month knocked out his entire town’s Internet by accident while trying to limit his children’s screen time. You can read this story HERE.

I will keep you posted as we get more information on this story.

All the best,

Max Roberts,
Incognito Privacy Care Team.