WASHINGTON – A cyberattack that destroyed satellite communications in Ukraine in the hours leading up to the February 24 invasion is the work of the governments of Russia, the United States and European nations announced on Tuesday, officially fixes for an attack that has confounded Pentagon officials and private industry as it revealed new vulnerabilities in global communications systems.
In a series of coordinated statements, the governments blamed Moscow but did not name the organization that made the sophisticated attempt to blacken Ukrainian communications. However, U.S. officials, who spoke on condition of anonymity about the specifics of the find, said it was Russia’s military intelligence agency, the GRU — the same group responsible for the 2016 hack of the Democratic National Committee. host and a series of attacks against the United States. and Ukraine.
Josep Borrell Fontelles, the European Union’s top diplomat, said: “This unacceptable cyberattack is yet another example of Russia’s continued irresponsibility in cyberspace, which is also the an integral part of its illegal and unjustified invasion of Ukraine,” Josep Borrell Fontelles, the European Union’s top diplomat, said in a statement. “Cyberattacks targeting Ukraine, including critical infrastructure, could spill over into other countries and cause systemic effects that put the security of European citizens at risk.”
The attack centered on a system operated by Viasat, a California company that provides high-speed satellite communications services – and is heavily used by the Ukrainian government. The attack comes weeks after several Ukrainian government websites were hacked with data-destroying “wiper” software.
US and European officials said the Viasat attack appeared to be aimed at disrupting Ukraine’s military command and control in the critical first hours of the Russian invasion, US and European officials said. know. The attack also left thousands of civilians in Ukraine and across Europe disconnected from the Internet. It even hinders the operation of thousands of wind turbines in Germany that rely on Viasat’s technology to monitor conditions and control the turbine network.
Viasat immediately opened an investigation and called Mandiant, the cybersecurity company, to write a report. While Viasat published its initial findings in March, further studies have yet to be made public.
However, the initial conclusions were impressive: To black out satellites in space, hackers never had to attack the satellites themselves. Instead, they focus on terrestrial modems, devices that communicate with satellites. A senior government official said the vulnerabilities of these systems were a “wake-up call” that raised concerns at the Pentagon and in US intelligence agencies, which were concerned that Russia or China might not be able to do so. Countries could exploit similar vulnerabilities in other critical communications systems.
U.S. and European officials have warned that cyberattacks are often unpredictable and the mass disruption caused by the Viasat attack suggests a cyberattack can go beyond the target How fast is expected. In 2017, one Russian cyber attack in Ukraine, called NotPetya, quickly spread globally, disrupting the operations of Maersk, the Danish shipping group, and other large companies.
Like other attacks on critical infrastructure, such as the 2021 attack of Colonial Pipeline, the Viasat hack exposed a weakness in an essential service that was exploited by Russian hackers without much technical sophistication. The Colonial Pipeline attack led to a face-to-face meeting between President Biden and President Vladimir V. Putin of Russia, in Geneva last June. During that meeting, Biden warned Putin against ransomware or other attacks on critical American infrastructure. But Viasat’s attack, while targeting an American company, did not reach American shores.
Officials in the United States and Ukraine have long since believes that Russia is responsible for the cyberattack on Viasat, but has not officially “attributed” the incident to Russia. While American officials have long since reached the conclusion, they want European nations to take the lead because the attack has resonated greatly in Europe, not in the United States.
The statements released on Tuesday ceased to name a specific Russian-sponsored hacking group that orchestrated the attack, an unusual omission given the routine disclosure of information about specific intelligence services by the United States. may be responsible for the attacks, in part to demonstrate their visibility to the Russian government.
“We have been and will continue to work closely with relevant government and law enforcement agencies as part of our ongoing investigation,” said Dan Bleier, a Viasat spokesman. Mandiant, the cybersecurity company hired by Viasat to investigate the matter, declined to comment on its findings.
But researchers at the cybersecurity company SentinelOne believes that the Viasat hack is likely the work of the GRU, Russia’s military intelligence unit. The malware used in the attack, called AcidRain, shares significant similarities with other malware previously used by GRU, SentinelOne said the researchers.
Unlike its predecessor malware, called VPNFilter and built to destroy specific computer systems, AcidRain was created as a multi-purpose tool that can easily be used against multiple targets, the researchers said. In 2018, the Ministry of Justice and the Federal Bureau of Investigation said that the Russian GRU was responsible for creating VPNFilter Malware.
The AcidRain malware is “a very generic solution, in the scariest sense of the word,” said Juan Andres Guerrero-Saade, a principal threat researcher at SentinelOne. “They can do this tomorrow, and if they want to do a supply chain attack against a router or modem in the US, AcidRain will work.”
US officials have warned that Russia could carry out a cyberattack against critical US infrastructure and called on companies to beef up their online defenses. The United States has also assisted Ukraine in detecting and responding to Russian cyberattacks, the State Department said.
Secretary of State Antony J. Blinken said: “As nations commit to upholding the rules-based international order in cyberspace, the United States and its allies and partners are taking steps to protect against it. Russia’s irresponsible actions,” said Foreign Minister Antony J. Blinken. satellite phones, data terminals and other connectivity devices for Ukrainian government officials and critical infrastructure operators.
The UK said it would also continue to help Ukraine fight cyber attacks. “We will continue to condemn Russia’s cruel behavior and unprovoked aggression on land, at sea and in cyberspace, and make sure it confronts it,” said Liz Truss, British Foreign Secretary. with serious consequences”.
“All countries should unite in their efforts to stop the aggressor, so that they cannot continue to attack and be held accountable for their actions,” a spokesman for Ukraine’s intelligence and security service said. know in a statement about the Viasat attack on Russia. “Only sanctions, coordinated action, awareness of public institutions, businesses and citizens can help us achieve this goal and truly achieve peace in cyberspace.” .
