The Turla APT group (we think), who are responsible for the Epic Turla cyber-espionage operation, pushing malware to hundreds of computers in more than 45 countries, have hijacked downstream links from satellites to hide their command and control servers.
The Turla attack campaigns used different vectors like; Phishing, SpearPhishing, and Watering hole attacks.
In order to hack a satellite, the only items needed are a place where a satellite provides Internet coverage, a satellite dish and a hardwired Internet connection. Hackers set up the satellites dishes to intercept and sniff the traffic.
Detailed information is here.