Russia-Ukraine War News: Live Updates
WASHINGTON – A cyberattack that shut down satellite communications in Ukraine hours before the February 24 invasion was the work of the Russian government, the United States and European nations declared on Tuesday, formally assigning blame for an attack that rattled Pentagon officials and private industry because it revealed new vulnerabilities in global communication systems.
In a coordinated set of statements, the governments blamed Moscow but did not explicitly name the organization that carried out the sophisticated effort to black out Ukrainian communications. But US officials, who spoke on condition of anonymity about the details of the findings, said it was the Russian military intelligence service, the GRU – the same group responsible for the 2016 hacking of the Democratic National Committee and a series of attacks on the United States and Ukraine.
“This unacceptable cyberattack is another example of Russia’s continued pattern of irresponsible behavior in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine,” said EU High Commissioner Josep Borrell Fontelles in a statement. “Cyberattacks targeting Ukraine, including critical infrastructure, could spread to other countries and cause systemic effects that jeopardize the security of Europe’s citizens.”
The attack focused on a system operated by Viasat, a California-based company that provides high-speed satellite communications services; the system was widely used by the Ukrainian government. The attack came a few weeks after some Ukrainian authorities’ websites were hit by “wiper” software that destroyed data.
The Viasat attack appeared to disrupt Ukraine’s command and control of its troops during the critical first hours of Russia’s invasion, US and European officials said. The hack also disconnected thousands of civilians in Ukraine and across Europe from the internet. It even hindered the operation of thousands of wind turbines in Germany that relied on Viasat’s technology to monitor conditions and control the turbine network.
Viasat immediately launched an investigation and called in Mandiant, the cyber security company, to write a report. While Viasat published the first conclusions in March, the deeper studies have not been published.
However, the first conclusions were striking: to knock out the satellite communications, the hackers never had to attack the satellites themselves. Instead, they focused on terrestrial modems, the devices that communicated with the satellites. A senior government official said the vulnerability of these systems was “an alarm clock”, raising concerns at the Pentagon and among US intelligence services, which fear that Russia or China could exploit similar vulnerabilities in other critical communications systems.
US and European officials have warned that cyber weapons are often unpredictable, and the widespread disruption caused by the Viasat hack showed how quickly a cyber attack can spread beyond the intended targets. In 2017, a Russian cyber attack in Ukraine, called NotPetya, spread rapidly around the world, disrupting the operations of Maersk, the Danish shipping conglomerate, and other large companies.
Like other critical infrastructure attacks, such as the 2021 Colonial Pipeline hack, the Viasat hack revealed a weak point in an important service, one that Russian hackers exploited without much technical sophistication. The Colonial Pipeline attack led to a face-to-face meeting between President Biden and Russian President Vladimir V. Putin in Geneva in June last year. During that meeting, Biden warned Putin against ransomware or other attacks on critical US infrastructure. But the Viasat attack, while targeting a US company, did not affect US shores.
Officials in the United States and Ukraine had long believed that Russia was responsible for the cyber attack on Viasat, but had not formally “attributed” the incident to Russia. While US officials reached their conclusions long ago, they wanted European nations to take the lead, as the attack had significant repercussions in Europe but not in the United States.
The statements released on Tuesday stopped short of naming a specific Russian-sponsored group of hackers as having orchestrated the attack, an unusual omission because the United States has routinely revealed information about the specific intelligence services responsible for attacks, in part to show its visibility into the Russian government.
“We have and will continue to work closely with relevant law enforcement agencies and authorities as part of the ongoing investigation,” said Dan Bleier, a spokesman for Viasat. Mandiant, the cybersecurity company hired by Viasat to investigate the matter, declined to comment on its findings.
But researchers at the cybersecurity company SentinelOne thought the Viasat hack was probably the work of the GRU, Russia’s military intelligence unit. Malware used in the attack, known as AcidRain, shared significant similarities with other malicious software previously used by the GRU, the SentinelOne researchers said.
Unlike its predecessor malware, known as VPNFilter and built to destroy specific computer systems, AcidRain was created as a versatile tool that can be easily used against a variety of targets, researchers said. In 2018, the Ministry of Justice and the Federal Bureau of Investigation said that Russia’s GRU was responsible for creating VPNFilter malware.
AcidRain malware is “a very generic solution, in the scariest sense of the word,” said Juan Andres Guerrero-Saade, a senior threat researcher at SentinelOne. “They can take this tomorrow and if they want to launch a supply chain attack on routers or modems in the US, AcidRain would work.”
US officials have warned that Russia could carry out a cyber attack on US critical infrastructure and have called on companies to strengthen their online defenses. The United States has also helped Ukraine detect and respond to Russian cyberattacks, the State Department said.
“As nations committed to maintaining the rule-based international order in cyberspace, the United States and its allies and partners are taking steps to defend themselves against Russia’s irresponsible actions,” said Foreign Minister Antony J. Blinken, noting that the United States provides satellite phones, computer terminals and other connection equipment to Ukrainian government officials and critical infrastructure operators.
Britain said it would also continue to help Ukraine ward off cyberattacks. “We will continue to call out Russia’s malicious behavior and unprovoked aggression over land, sea and cyberspace, and ensure that it has serious consequences,” said Liz Truss, the British Foreign Secretary.
“All countries should unite their efforts to stop the attacker, to make it impossible for them to continue to attack and to be held accountable for their actions,” a spokesman for Ukraine’s security and intelligence service said in a statement that attributed the Viasat hack to Russia. “Only sanctions, coordinated activity, awareness of public institutions, businesses and citizens can help us achieve this goal and truly achieve peace in cyberspace.”