WASHINGTON — A cyberattack that crippled satellite communications in Ukraine in the hours leading up to the Feb. 24 invasion was the work of the Russian government, the United States and European nations declared Tuesday, officially assigning blame for an attack that shook Pentagon officials and private industry by revealing new vulnerabilities in global communications systems.
In a series of coordinated statements, the governments blamed Moscow but did not specifically name the organization that undertook the elaborate effort to black out Ukrainian communications. But American officials, who spoke on condition of anonymity about the details of the findings, said it was the Russian military intelligence agency GRU – the same group responsible for the 2016 hack of the Democratic National Committee and a series of attacks on the US and Ukraine.
“This unacceptable cyberattack is another example of Russia’s continued irresponsible behavior in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine,” said Josep Borrell Fontelles, the European Union’s top diplomat, in a statement. “Cyberattacks on Ukraine, including against critical infrastructure, could spill over to other countries and have systemic repercussions that threaten the security of Europe’s citizens.”
The attack focused on a system operated by Viasat, a California company that offers high-speed satellite communications services, which was heavily used by the Ukrainian government. The attack came weeks after some Ukrainian government websites were attacked with data-destroying “wiper” software.
The Viasat attack appears to have been designed to disrupt Ukraine’s command and control of its troops during the critical first hours of the Russian invasion, US and European officials said. The hack also disconnected thousands of civilians from the internet in Ukraine and across Europe. It even disrupted the operation of thousands of wind turbines in Germany, which relied on Viasat’s technology to monitor conditions and control the turbine network.
Viasat immediately launched an investigation and asked cybersecurity firm Mandiant to write a report. While Viasat published initial conclusions in March, the deeper studies were not published.
Still, these initial conclusions were remarkable: in order to disrupt the satellite-based service, the hackers never had to attack the satellites themselves. Instead, they focused on ground-based modems, the devices that communicated with the satellites. A senior government official said the vulnerability in those systems was “a wake-up call,” prompting concerns from the Pentagon and American intelligence agencies that Russia or China could exploit similar vulnerabilities in other critical communications systems.
US and European officials have warned that cyberweapons are often unpredictable, and the widespread disruption caused by the Viasat hack demonstrated how quickly a cyberattack can spill over from its intended targets. In 2017, a Russian cyberattack called NotPetya in Ukraine quickly spread around the world, disrupting the operations of Maersk, the Danish shipping conglomerate, and other major companies.
Like other critical infrastructure attacks, such as the Colonial Pipeline hack in 2021, the Viasat hack exposed a vulnerability in an essential service that was exploited by Russian hackers without much technical sophistication. The attack on the Colonial Pipeline led to a one-on-one meeting between President Biden and Russian President Vladimir V. Putin in Geneva last June. During that meeting, Mr. Biden warned Mr. Putin about ransomware or other attacks on critical US infrastructure. But the Viasat attack, aimed at an American company, did not touch American shores.
Officials in the United States and Ukraine had long assumed that Russia was responsible for the Viasat cyberattack, but had not officially “attributed” the incident to Russia. While US officials reached their conclusions long ago, they wanted European nations to take the lead as the attack had significant reverberations in Europe but not the United States.
Statements released Tuesday stopped short of naming a specific Russian-sponsored hacking group as having orchestrated the attack, an unusual omission given that the United States has routinely divulged information about the specific intelligence agencies responsible for attacks, in part to demonstrate its own visibility into the Russian government.
“We have been and will be working closely with relevant law enforcement and government agencies as part of the ongoing investigation,” said Dan Bleier, a spokesman for Viasat. Mandiant, the cybersecurity firm hired by Viasat to investigate the matter, declined to comment on its findings.
However, researchers at cybersecurity company SentinelOne believed that the Viasat hack was likely the work of the GRU, Russia’s military intelligence agency. The malware used in the attack, known as AcidRain, had significant similarities to other malware previously used by the GRU, SentinelOne researchers said.
Unlike its predecessor malware, known as VPNFilter, which was designed to destroy specific computer systems, AcidRain was designed as a multi-purpose tool that can be easily deployed against a variety of targets, researchers said. In 2018, the Justice Department and the Federal Bureau of Investigation claimed that the Russian GRU was responsible for creating the VPNFilter malware.
The AcidRain malware is “a very generic solution in every sense of the word,” said Juan Andres Guerrero-Saade, a senior threat researcher at SentinelOne. “They can take over that tomorrow, and if they want to do a supply chain attack against routers or modems in the US, AcidRain would work.”
US officials have warned that Russia could launch a cyberattack on critical US infrastructure and have urged companies to step up their online defences. The US has also helped Ukraine detect and respond to Russian cyberattacks, the State Department said.
“As nations committed to maintaining the rules-based international order in cyberspace, the United States and its allies and partners are taking steps to challenge Russia’s irresponsible actions,” said Secretary of State Antony J. Blinken, noting that the United States was willing to provide satellite phones, data terminals and other connectivity devices to Ukrainian government officials and critical infrastructure operators.
The UK said it will continue to help Ukraine fend off cyberattacks. “We will continue to denounce Russia’s malicious behavior and unprovoked aggression on land, sea and cyberspace and ensure that it faces serious consequences,” said British Foreign Secretary Liz Truss.
“All countries should join efforts to stop the attacker, make it impossible for them to continue attacking and be held accountable for their actions,” a spokesman for Ukraine’s security and intelligence service said in a statement on the attribution of the Viasat hack to Russia. “Only sanctions, coordinated activities, awareness of public institutions, businesses and citizens can help us achieve this goal and achieve real peace in cyberspace.”