More than 22,000 miles above Earth, the KA-SAT is locked in orbit. Traveling at 7,000 miles per hour, in sync with the planet’s rotation, the satellite beams high-speed Internet down to people across Europe. Since 2011, it has helped homeowners, businesses, and militaries get online. However, as Russian troops moved into Ukraine during the early hours of February 24, satellite Internet connections were disrupted. A mysterious cyberattack against the satellite’s ground infrastructure—not the satellite itself—plunged tens of thousands of people into Internet darkness.
Among them were parts of Ukraine’s defenses. “It was a really huge loss in communications in the very beginning of war,” Viktor Zhora, a senior official at Ukraine’s cybersecurity agency, the State Services for Special Communication and Information Protection (SSSCIP), reportedly said two weeks later. He did not provide any more details, and SSSCIP did not respond to WIRED’s request for comment. But the attack against the satellite Internet system, owned by US company Viasat since last year, had even wider ramifications. People using satellite Internet connections were knocked offline all across Europe, from Poland to France.
Almost a month after the attack, the disruptions continue. Thousands still remain offline in Europe—around 2,000 wind turbines are still disconnected in Germany—and companies are racing to replace broken modems or fix connections with updates. Multiple intelligence agencies, including those in the US and Europe, are also investigating the attack. The Viasat hack is arguably the largest publicly known cyberattack to take place since Russia invaded Ukraine, and it stands out for its impact beyond Ukraine’s borders. But questions about the details of the attack, its purpose, and who carried it out remain—although experts have their suspicions.