Collateral Damage: SATCOM Terminals

“My theory is that attackers somehow managed to compromise/spoof the ground station/NOC in charge of those spot beams covering, at least, Ukraine. At a certain time they abused a legitimate control protocol to issue specific commands to the targeted SATCOM terminals, resulting in the claimed permanent damage. That request may involve disabling the transmitter, corrupting the antenna pointing logic, demod, power params…

…Finally, we should bear in mind that, as it has been explained, the KA-SAT infrastructure involves multiple interconnected gateways Earth Stations and a specific number of mappings between beams and gateways. As a result, I would say that probably the Enercon incident, and the disruption that [occurred] in other [E]uropean countries, were just a ‘collateral damage’ derived from attacking the main target: Ukraine.”

-Ruben Santamarta, “SATCOM terminals under attack in Europe: a plausible analysis.” March 7, 2022

I thought this was an interesting example of how a cyber attack has unintended effects and does not necessarily hit the intended target.