Cyber Incident Victim: Bavaria
Date:
Feb 2022
Location:
Germany
Summary
A cyber-attack disrupted a key supplier for multiple restaurant chains in Heilbronn, causing product shortages. Separately, a suspected cyber event targeting Viasat's KA-SAT satellite network led to widespread internet outages across Europe, impacting approximately 30,000 terminals and bricking modems via malicious firmware updates; this also severed remote monitoring for over 5,800 wind turbines operated by a German energy company, though power generation continued unaffected. The satellite incident coincided with geopolitical tensions and prompted law enforcement involvement, with critical infrastructure authorities notified. Both events highlighted vulnerabilities in supply chain and satellite communication systems, though attribution and full technical causes remained unconfirmed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 24, 2022, Viasat’s KA-SAT satellite network experienced a partial outage initially detected in Ukraine during the onset of Russia’s invasion. The incident rapidly expanded across Europe, disrupting approximately 30,000 satellite terminals used by commercial and government entities. Viasat confirmed the outage stemmed from a suspected “cyber event” and engaged law enforcement, government partners, and a third-party cybersecurity firm to investigate. The attack compromised modems’ firmware through a malign update, rendering many permanently inoperable except for devices with July 2021 or newer firmware that were offline during the incident. Viasat’s 10 European gateways—including Berlin—remained unaffected by physical damage. Germany’s Enercon reported losing remote monitoring and control for 5,800 wind turbines (11 gigawatts capacity) reliant on KA-SAT connectivity, though turbines continued operating autonomously. Enercon immediately notified Germany’s Federal Office for Information Security (BSI), which had activated its national IT crisis center due to heightened cyberthreat warnings.
Separately, by March 1, 2022, McDonald’s and Nordsee restaurants in Heilbronn, Germany, faced supply shortages attributed to a cyberattack against their primary fresh goods supplier. Both chains posted customer notices citing “massive technical problems” and a “cyber attack” hindering deliveries. The supplier acknowledged disruptions but provided no technical details. No customer data compromise was reported. Meanwhile, Viasat’s investigation remained ongoing with no root cause confirmed, though historical vulnerabilities in unencrypted Very Small Aperture Terminal (VSAT) networks—highlighted by NSA advisories in January 2022 and demonstrated in 2020 academic research—were noted as systemic risks. Enercon collaborated with providers to restore alternative communications while Euroskypark, the affected turbine connectivity provider, did not publicly respond. The KA-SAT outage also impacted Ukrainian military/police units and election monitoring infrastructure historically reliant on the satellite network.