Cyber Incident Victim: Enercon

On February 24, 2022, Viasat's KA-SAT satellite network experienced a partial outage across Europe following a suspected cyber event that initially disrupted services in Ukraine. The incident coincided with the onset of Russia's invasion of Ukraine, though no direct attribution was confirmed. Viasat reported the outage impacted approximately 30,000 satellite terminals used by various industries, including telecommunications, military, and energy sectors. The disruption affected fixed broadband customers in Ukraine and spread across the KA-SAT European network footprint. Germany's Enercon GmbH, a wind energy company, lost remote monitoring and control capabilities for 5,800 wind turbines with a combined capacity of 11 gigawatts due to the satellite link failure. The turbines remained operational in automatic mode but could not transmit performance data or receive remote commands. Enercon immediately reported the incident to Germany's Federal Office for Information Security (BSI), classifying it as critical infrastructure impairment. The outage also affected Ukrainian military and police communications that relied on KA-SAT infrastructure, according to government contracts reviewed by Reuters. Viasat engaged law enforcement agencies, government partners, and a third-party cybersecurity firm to investigate the root cause while implementing network precautions to prevent further damage. Initial analysis suggested no compromise of customer data. Unconfirmed reports indicated attackers may have deployed malicious firmware updates that rendered modems inoperable, except for devices with July 2021 firmware or newer that were offline during the incident. The BSI had activated Germany's national IT crisis response center prior to the incident due to heightened cyber threat warnings.

Viasat's investigation confirmed the outage originated from a cyber event but did not disclose technical specifics or attribution. The company operated ten ground gateways across Europe unaffected by physical damage, located in cities including Berlin, Madrid, and Helsinki. Enercon worked with satellite providers to restore connectivity while assisting wind farm operators in establishing alternative communication channels. The German Wind Energy Association clarified only operators using Euroskypark's satellite services were affected. The incident highlighted vulnerabilities in Very Small Aperture Terminal (VSAT) networks, following NSA warnings about unencrypted satellite communications and terminal compromise risks. Security researchers had previously demonstrated interception and modification of VSAT traffic using consumer-grade equipment, emphasizing systemic security weaknesses. Viasat maintained its encrypted military communications services for US defense customers remained unaffected. As of March 8, 2022, service recovery efforts continued with no public resolution timeline. The disruption underscored dependencies on satellite infrastructure for industrial control systems and the cascading impacts of cyber incidents across multiple critical sectors.