Cyber Incident Victim: Wiesbaden, Hesse, Germany
Date:
Feb 2022
Location:
Germany
Summary
A cyber event targeting Viasat's KA-SAT satellite network disrupted critical infrastructure in Germany, including remote monitoring systems for over 5,800 wind turbines operated by an energy company in Wiesbaden, Hesse. The incident, which coincided with geopolitical tensions in Ukraine, caused widespread satellite communication failures across Europe affecting approximately 30,000 terminals. While the turbines remained operational in automatic mode, the loss of remote control capabilities prompted reporting to Germany's Federal Office for Information Security and activation of national crisis response protocols. The attack also impacted multiple sectors beyond energy, with unconfirmed reports suggesting firmware corruption in satellite modems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 24, 2022, Viasat’s KA-SAT satellite network experienced a widespread outage initially detected in Ukraine before spreading across its European footprint. The California-based satellite provider confirmed the disruption stemmed from a suspected cyber event coinciding with Russia’s invasion of Ukraine. Approximately 30,000 satellite terminals across Europe became inoperable, with unconfirmed reports indicating connected modems had their firmware wiped by a malicious update, rendering them permanently unusable. Terminals running firmware dated July 2021 or newer that were offline during the attack remained functional. Viasat engaged law enforcement agencies, government partners, and a third-party cybersecurity firm to investigate the root cause, emphasizing no evidence suggested customer data compromise. The outage disrupted critical infrastructure, including broadband services for Ukrainian military and police units historically reliant on KA-SAT for communications during national operations like the 2012 parliamentary elections.
The incident severely impacted Germany’s energy sector, where Enercon lost remote monitoring and control capabilities for 5,800 wind turbines across central Europe—representing 11 gigawatts of generating capacity. Although turbines continued operating in automatic mode without immediate safety risks, the disruption impaired real-time oversight and necessitated alternative communication solutions. Enercon promptly notified Germany’s Federal Office for Information Security (BSI), triggering activation of the national IT crisis reaction center. The outage exclusively affected operators using services from Saarbrücken-based provider Euroskypark, which managed satellite links for industrial applications. Concurrently, restaurant chains in Heilbronn—including McDonald’s and Nordsee—reported supply shortages attributed to cyberattacks against their primary logistics suppliers, though no direct link to the KA-SAT incident was established. Viasat’s investigation remained ongoing as of March 8, with the company implementing network precautions to prevent further impacts while attempting service recovery. The BSI had previously warned of heightened cyber threats amid escalating geopolitical tensions.