Raphael Satter and Christopher Bing

WASHINGTON, (Reuters) – Hackers that crippled tens to thousands of satellite modems across Europe and Ukraine are trying to disrupt U.S. telecommunications firm Viasat while it works to get its users online again, a company official said to Reuters.

Viasat Inc is working hard to get back online after cyberattacks remotely disable satellite modems. This happened just hours before Russian forces invaded Ukraine. According to the official, a parallel attack on Viasat was carried out at nearly identical times and utilized “high volumes” of malicious traffic in order to overthrow Viasat.

On Tuesday, the official claimed that there are still “deliberate attempts”. While Viasat is able to resist the hackers’ attempts with its defensive measures, he stated that Viasat “has been repeatedly trying to modify that pattern to prove those defenses and mitigations”.

According to the official, he spoke under the condition of anonymity. Reuters was briefed by the official ahead of a Wednesday report that outlines the hacker’s systematic attack on satellite modems in Europe and Ukraine on the morning before Russia invaded.

Although the exact impact of the disruption on Ukraine is still unclear, Victor Zhora, a Ukrainian cybersecurity official, stated that the hack caused “a very large loss of communications” in the beginning of the conflict.

Since then, few other details were released. On Friday, the Washington Post said https://www.washingtonpost.com/national-security/2022/03/24/russian-military-behind-hack-satellite-communication-devices-ukraine-wars-outset-us-officials-say that U.S. analysts believed that the hackers were working for Russia’s military intelligence agency.

Although the hacker were not identified in the report, Viasat officials stated that they would not comment on the matter.

The Russian Embassy in Washington did not respond to multiple requests for comment on the hack.

Viasat reports that the hackers used a badly configured virtual private network device to gain remote access the management network of the company’s KA–SAT satellite. Skylogic is an Italy-based company and provides services to customers throughout Europe.

Skylogic failed to return messages late Tuesday night.

According to the report, hackers were sending rogue commands from within the network to thousands of modems at the same time. They overwritten key bits of data and rendered them unusable.

According to the report, the hacker started at 6:15 AM Ukraine time on February 24, and would ultimately cripple most Viasat modems in Ukraine. About an hour prior, the parallel attack with malicious traffic started.

While the company refused to give a number for all affected devices, the report stated that close to 30,000 modems have been delivered to distributors so customers can get back online.