Viasat incident: from speculation to technical details (reversemode.com)
83 points by todsacerdoti on April 2, 2022 | 6 comments



For context, Viasat is a satellite ISP based in the US, and Russia attacked and disabled some of their user terminals at the start of the war, not just inside Ukraine but all over Europe.


TR069 can do so much to routers as well, sometimes it's better to switch it off, if the device allows it.


I have been using an ISP-provided ADSL modem/router combo (not rented) for a while, and had it configured with an OpenVPN server... one day it stopped working, and when I went to investigate found that the ISP had disabled that functionality remotely. No warning, no communication, just gone. Couldn't roll back the firmware or disable TR069 either. Bastards.

TR069 is useful for the ISP but a blight on users. I haven't gotten around to it yet but I'm changing over to bridged mode and going to get a nice OPNSense or similar appliance to handle the firewalling and PPPoE stuff.


It does look like my initial theory (https://news.ycombinator.com/item?id=30592258) was correct and this attack had nothing to do with satellite connections per se and would apply just fine to terrestrial ISPs too.


With something as complex as this, it really makes you wonder how far in advance this was planned.

Also curious to know how long Viasat has been compromised for and what else the attackers were doing while this was developed.


I hope the additional weaknesses were disclosed to Viasat ahead of the publication.



