{"uuid": "8ed7f01e-cea6-4138-b261-9548842e33f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-13379", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/4205", "content": "Hackers Arise Satellite Hacking: How Russia Knocked out the ViaSat System at the Outset of the Ukraine War \nWelcome back, my aspirational cyberwarriors!\n\n\n\n\nSatellite hacking is the new frontier in cyber warfare!\n\n\n\n\nSatellites are an essential infrastructure in any industrialized, digitally advanced nation. Not only do they carry radio, television, Internet and telephone calls, but they are an critical element each nations military infrastructure. An attacker who can interfere or degrade satellite signals will have a decided advantage in any cyberwar. Even ignoring the impact on military reconnaissance and communication, attacks against the civilian infrastructure can cause significant communication disruptions and an overwhelming psychological impact on the civilian population. As any general in any army will tell you, psychological warfare can be nearly as impactful as kinetic warfare.\n\n\n\n\n\n\n\n\n\n\nDDoS\n\n\n\n\nThroughout the short history of cyber warfare, DDoS attacks have been favorite initial strategy to create confusion, promote disinformation, and generate anxiety among the civilian population. The very first cyberwar was 2008 when Russia invaded its former Soviet state, Georgia. Before marching into South Ossetia, the Russians engineered a massive DDoS attack against the digital infrastructure of Georgia. The result was communication nation-wide was degraded and the Russians were able spread disinformation on their channels. The civilian population was distraught (can you imagine waking up one day without Internet, TV, or phone?) and the resistance fractured. The Russians marched in and still occupy South Ossetia to this day, 2024.\n\n\n\n\nRussia used a similar strategy against Ukraine in February 2024 with one new wrinkle, they took down the ViaSat satellite infrastructure of Ukraine and nearby regions in other European countries. \n\n\n\n\nThis is likely the first entry into the history satellite cyberwarfare.\n\n\n\n\nLet&apos;s take a deep dive into what actually happened.\n\n\n\n\nFortinet Vulnerability\n\n\n\n\nFour years earlier, Fortinet the US based cybersecurity company with sells next-generation firewalls and VPN&apos;s among other things, a cybersecurity researcher discovered a vulnerability in the Fortinet VPN product that leaked the passwords where an HTTP request could make a directory traversal to a directory that stored the usernames and passwords. In essence, an attacker could make a HTTP request and receive the passwords if they knew where to look. This vulnerability was designated CVE-2018-13379. Note that this was nearly a 4 year old, known vulnerability at the time of the attack.\n\n\n\n\nThe vulnerability was described as:\n\n\n\n\nDescription\n\n\n\n\nAn Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.\n\n\n\nIt was rated a 9.8 or critical. In plain language, this vulnerability allows the attack to navigate from the default to another directory that includes the username and password.\n\n\n\n\nThe Russians, likely the GRU in St. Petersburg, were able to use this vulnerability to gain access to a ViaSat management console in Turin, Italy. \n\n\n\n\nIf the folks in Turin had been doing their cyber threat intelligence vigilantly, they would have noticed this alert on X (Twitter) the day before.\n\n\n\n\n\n\n\nNote the date. It was literally the day before Russia attacked and the IP address is from St. Petersburg, Russia.\n\n\n\n\nOnce the intruders gained access to the ViaSat management console, the proceeded to upload malware to the user&apos;s network consoles via the satellite. This is the functionality that would normally be used to upgrade or update the firmware on the user network. This m[...]", "creation_timestamp": "2024-09-17T15:34:12.000000Z"}