The United States and European countries announced on Tuesday that a cyberattack that brought down satellite communications in Ukraine in the hours leading up to the February 24 invasion was the work of the Russian government, formally assigning blame for an attack that alarmed Pentagon officials and the private sector because it exposed new vulnerabilities in global communications systems.
In a coordinated set of statements, the governments blamed Moscow but did not explicitly name the organization that carried out the complex effort to block Ukrainian communications. But US officials, who spoke on condition of anonymity about the details of the findings, said it was the Russian military intelligence agency, the GRU, the same group responsible for the 2016 Democratic National Committee hack and a host of attacks on the United States and Ukraine.
“This unacceptable cyberattack is another example of the continuing pattern of Russia’s irresponsible behavior in cyberspace, which has also formed an integral part of its unlawful and unjustified invasion of Ukraine,” Josep Borrell Fontelles, the EU’s chief diplomat, said in a statement. “Cyber-attacks targeting Ukraine, including against critical infrastructure, could spread to other countries and cause systemic effects that endanger the security of European citizens.”
The attack focused on a system operated by Viasat, a California company that provides high-speed satellite communications services used extensively by the Ukrainian government. The attack came a few weeks after some Ukrainian government websites were infected with data-destroying “wiper” software.
US and European officials said the Viasat attack appeared to have been aimed at disrupting Ukraine’s command and control of its forces during the critical first hours of the Russian invasion. The hack also cut off thousands of civilians in Ukraine and across Europe from the Internet. It even disrupted the operation of thousands of wind turbines in Germany that relied on Viasat technology to monitor conditions and control the turbine network.
Viasat immediately launched an investigation and brought in cybersecurity firm Mandiant to write a report. While Viasat published preliminary results in March, deeper studies have not been announced.
However, those initial conclusions were startling: to block satellites in space, the hackers never had to attack the satellites themselves. Instead, they focused on modems on the ground, the devices that communicate with the satellites. One senior government official said the vulnerabilities of these systems served as an “alarm bell,” raising concerns in the Pentagon and US intelligence agencies, which fear that Russia or China could exploit similar vulnerabilities in other critical communications systems.
US and European officials have warned that cyber weapons are often unpredictable, and the sprawling disruption caused by the Viasat hack showed just how quickly cyberattacks can spread beyond their intended targets. In 2017, a Russian cyberattack in Ukraine, called NotPetya, quickly spread around the world, disrupting the operations of Maersk, the Danish shipping conglomerate, and other major companies.
Like other attacks on critical infrastructure, such as the 2021 hack of Colonial Pipeline, the Viasat hack exposed a vulnerability in a core service that was exploited by Russian hackers without much technical sophistication. The Colonial Pipeline attack led to a face-to-face meeting between President Biden and Russian President Vladimir Putin in Geneva last June. During that meeting, Biden warned Mr. Putin about ransomware or other attacks on critical US infrastructure. But the Viasat attack, which targeted an American company, did not touch American shores.
Officials in the United States and Ukraine have long believed that Russia was responsible for the cyberattack on Viasat, but had not officially “attributed” the incident to Russia. While US officials had drawn their conclusions long ago, they wanted European countries to take the lead, as the attack had significant repercussions in Europe but not in the United States.
The statements released on Tuesday stopped short of naming a particular Russian-sponsored hacking group as having orchestrated the attack, an unusual omission because the United States has routinely disclosed information about the specific intelligence services responsible for attacks, in part to demonstrate its visibility into the Russian government.
“We have and will continue to work closely with relevant law enforcement and government authorities as part of the ongoing investigation,” said Dan Blair, a Viasat spokesperson. Mandiant, the cybersecurity firm that Viasat hired to investigate the matter, declined to comment on its findings.
But researchers at SentinelOne, a cybersecurity company, believe that the Viasat hack was most likely the work of the GRU, the Russian military intelligence unit. The malware used in the attack, known as AcidRain, shares significant similarities with other malware previously used by the GRU, the SentinelOne researchers said.
Unlike the previous malware, known as VPNFilter, which was created to destroy certain computer systems, AcidRain was created as a multi-purpose tool that can be easily used against a variety of targets, the researchers said. In 2018, the Justice Department and the FBI said that Russian military intelligence was responsible for creating the VPNFilter malware.
Juan Andres Guerrero-Saade, Principal Threat Researcher at SentinelOne, said the AcidRain malware is “a very generic solution, in the scariest sense of the word.” “They can take this tomorrow, and if they want to do a supply chain attack against routers or modems in the US, AcidRain will work.”
US officials have warned that Russia could launch a cyber attack on critical US infrastructure and urged companies to bolster their online defenses. The State Department said the United States also helped Ukraine detect and respond to Russian cyberattacks.
Secretary of State Anthony J. Satellite phones, data stations, and other communication equipment for Ukrainian government officials and critical infrastructure operators.
The UK said it would also continue to help Ukraine fend off cyber attacks. “We will continue to recall Russia’s malign behavior and unprovoked aggression across land, sea and cyberspace, ensuring that it faces dire consequences,” Britain’s Foreign Secretary Liz Truss said.
Ukraine has attributed the Viasat hack to Russia, a spokesman for the Ukrainian Security and Intelligence Service said in a statement. “Only sanctions, coordinated activity, and outreach to public institutions, businesses, and citizens can help us reach this goal and truly achieve peace in cyberspace.”