WASHINGTON – The cyberattack that cut off satellite communications in Ukraine in the hours before the February 24 invasion was the work of the Russian government, the United States and European nations said on Tuesday, formally assigning blame for an attack that shook Pentagon officials and private industry and exposed new vulnerabilities in global communication systems.
In a coordinated set of statements, the governments blamed Moscow but did not explicitly name the organization that carried out the sophisticated effort to black out Ukrainian communications. But U.S. officials, speaking on condition of anonymity, said it was Russian military intelligence, the GRU, the same group responsible for hacking the Democratic National Committee in 2016 and for a series of attacks on the United States and Ukraine.
“This unacceptable cyber attack is another example of Russia’s ongoing pattern of irresponsible behavior in cyberspace, which is also an integral part of its illegal and unjustified invasion of Ukraine,” said Josep Borrell Fontelles, a senior EU diplomat. “Cyberattacks targeting Ukraine, including critical infrastructure, could spread to other countries and have systemic effects, jeopardizing the security of Europe’s citizens.”
The attack focused on a system operated by Viasat, a California-based company that provides high-speed satellite communications services – and was heavily used by the Ukrainian government. The attack came weeks after some Ukrainian government websites were hit with data-wiping software.
The Viasat attack appears to have targeted Ukraine’s command and control of its troops during the critical first hours of Russia’s invasion, US and European officials said. The hack also cut off thousands of civilians in Ukraine and across Europe from the Internet. It even disrupted thousands of wind turbines in Germany that relied on Viasat’s technology to monitor conditions and control the turbine network.
Viasat immediately launched an investigation and called in Mandiant, the cybersecurity firm, to write a report. While Viasat published its initial findings in March, the in-depth studies have not been made public.
However, these initial conclusions were startling: to knock out the satellite communications, the hackers never had to attack the satellites themselves. Instead, they focused on terrestrial modems, the devices that communicate with the satellites. A senior government official said the vulnerability of these systems was a wake-up call, raising concerns at the Pentagon and US intelligence agencies, which feared that Russia or China could exploit similar vulnerabilities in other critical communications systems.
U.S. and European officials have warned that cyberweapons are often unpredictable, and the widespread disruption caused by the Viasat hack has shown how quickly a cyber attack can spread beyond its intended targets. In 2017, a Russian cyber attack in Ukraine called NotPetya quickly spread around the world, disrupting Maersk, the Danish shipping conglomerate, and other large companies.
Like other critical infrastructure attacks, such as the Colonial Pipeline hack in 2021, the Viasat hack revealed a weak spot in a basic service that Russian hackers exploited without much technical sophistication. The Colonial Pipeline attack led to a face-to-face meeting between President Biden and Russian President Vladimir Putin in Geneva last June. During the meeting, Mr Biden warned Mr Putin against ransomware or other attacks on critical US infrastructure. But the Viasat attack, albeit on an American company, did not touch American shores.
Officials in the United States and Ukraine have long believed that Russia was responsible for the cyber attack on Viasat, but had not officially “attributed” the incident to Russia. While US officials came to their conclusions long ago, they wanted European nations to take the lead, as the attack had significant repercussions in Europe but not in the United States.
The statements released Tuesday did not name a specific Russian-sponsored hacker group as having organized the attack, an unusual omission, as the United States has routinely revealed information about the specific intelligence services responsible for attacks, in part to demonstrate its visibility into the Russian government.
“We are and will continue to work closely with relevant law enforcement and government agencies as part of the ongoing investigation,” said Dan Blair, a spokesman for Viasat. Mandiant, the cybersecurity firm hired by Viasat to investigate, declined to comment.
But researchers at cybersecurity firm SentinelOne believe the hacking of Viasat was likely the work of the GRU, Russia’s military intelligence. The malware used in the attack, known as AcidRain, shares significant similarities with other malware previously used by the GRU, SentinelOne researchers said.
Unlike its malware predecessor, known as VPNFilter, which was designed to destroy specific computer systems, AcidRain was designed as a multifunctional tool that could easily be used against a wide variety of targets, the researchers said. In 2018, the Justice Department and the Federal Bureau of Investigation said that the Russian GRU was responsible for creating the VPNFilter malware.
AcidRain malware is “a very common solution, in the worst sense of the word,” said Juan Andres Guerrero-Saade, chief threat researcher at SentinelOne. “They can take that tomorrow, and if they want to attack the supply chain against routers or modems in the United States, AcidRain will work.”
U.S. officials have warned that Russia could launch a cyber attack on critical US infrastructure and called on companies to step up their online defenses. The United States has also helped Ukraine detect and respond to Russian cyberattacks, the State Department said.
“As nations committed to upholding rules of international order in cyberspace, the United States and its allies and partners are taking steps to protect themselves against Russia’s irresponsible actions,” said Secretary of State Antony J. Blinken, noting that the United States provides satellite phones, data terminals and other equipment to connect Ukrainian government officials and critical infrastructure operators.
The United Kingdom has said it will also continue to help Ukraine repel cyber attacks. “We will continue to call for Russia’s malicious behavior and unprovoked aggression on land, sea and cyberspace, and we will ensure that it faces severe consequences,” said Liz Truss, the British Foreign Secretary.
“All parties must join forces to stop the aggressor, make it impossible for them to continue to attack and hold them accountable,” a spokesman for Ukraine’s Security and Intelligence Service said in a statement attributing the Viasat hack to Russia. “Only sanctions, coordinated action, awareness of public institutions, businesses and citizens can help us achieve this goal and truly achieve peace in cyberspace.”