Russia Was Behind Cyberattack in Run-Up to Ukraine War, Investigation Finds
May 10, 2022, 6:51 p.m. ET
WASHINGTON — A cyberattack that took down satellite communications in Ukraine in the hours before the Feb. 24 invasion was the work of the Russian authorities, the United States and European nations declared on Tuesday, officially fixing the blame for an attack that rattled Pentagon officials and private industry because it revealed new vulnerabilities in global communications systems.
In a coordinated set of statements, the governments blamed Moscow but did not explicitly name the organization that conducted the sophisticated effort to black out Ukrainian communications. But American officials, speaking on condition of anonymity about the specifics of the findings, said that it was the Russian military intelligence agency, the G.R.U. — the same group responsible for the 2016 hack of the Democratic National Committee and a range of attacks on the U.S. and Ukraine.
“This unacceptable cyberattack is yet another example of Russia’s continued pattern of irresponsible behavior in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine,” Josep Borrell Fontelles, the European Union’s top diplomat, said in a statement. “Cyberattacks targeting Ukraine, including against critical infrastructure, could spill over into other countries and cause systemic effects putting the security of Europe’s citizens at risk.”
The attack was focused on a system run by Viasat, a California company that provides high-speed satellite communication services — and was used heavily by the Ukrainian government. The attack came a few weeks after some Ukrainian government websites were hit with “wiper” software that destroys information.
The Viasat attack appeared intended to disrupt Ukraine’s command and control of its troops during the critical first hours of Russia’s invasion, American and European officials said. The hack also disconnected thousands of civilians in Ukraine and across Europe from the internet. It even thwarted the operation of thousands of wind turbines in Germany that relied on Viasat’s technology for monitoring weather conditions and controlling the turbine network.
Viasat immediately launched an investigation and called in Mandiant, the cybersecurity firm, to write a study. While Viasat published initial conclusions in March, the deeper studies have not been made public.
Nonetheless, those initial conclusions were striking: To black out the space-based satellites, the hackers never had to attack the satellites themselves. Instead, they focused on ground-based modems, the devices that communicated with the satellites. One senior government official said that the vulnerability of those systems was “a wake-up call,” raising concerns at the Pentagon and American intelligence agencies, which fear that Russia or China could exploit similar vulnerabilities in other critical communications systems.
U.S. and European officials have cautioned that cyberweapons are often unpredictable, and the sprawling disruptions caused by the Viasat hack showed how quickly a cyberattack can spill beyond its intended targets. In 2017, a Russian cyberattack in Ukraine, called NotPetya, quickly spread around the globe, disrupting the operations of Maersk, the Danish shipping conglomerate, and other major companies.
Like other attacks on critical infrastructure, such as the 2021 hack of Colonial Pipeline, the Viasat hack revealed a weak point in an essential service that was exploited by Russian hackers without much technical sophistication. The Colonial Pipeline attack led to the one face-to-face meeting between President Biden and President Vladimir V. Putin of Russia, in Geneva last June. During that meeting, Mr. Biden warned Mr. Putin against ransomware or other attacks on critical U.S. infrastructure. But the Viasat attack, while directed at an American company, did not touch on American shores.
Officials in the United States and Ukraine had long believed that Russia was responsible for the cyberattack against Viasat, but had not formally “attributed” the incident to Russia. While U.S. officials reached their conclusions long ago, they wanted European nations to take the lead, since the attack had significant reverberations in Europe but not in the United States.
The statements released Tuesday stopped short of naming a particular Russian-sponsored hacking group for orchestrating the attack, an unusual omission as the United States has routinely revealed information about the specific intelligence services responsible for attacks, in part to demonstrate its visibility into the Russian government.
“We have and will continue to work closely with relevant law enforcement and governmental authorities as part of the ongoing investigation,” said Dan Bleier, a spokesman for Viasat. Mandiant, the cybersecurity firm hired by Viasat to investigate the matter, declined to comment on its findings.
But researchers at the cybersecurity firm SentinelOne believed that the Viasat hack was likely the work of the G.R.U., Russia’s military intelligence unit. The malware used in the attack, known as AcidRain, shared significant similarities with other malware previously used by the G.R.U., SentinelOne researchers said.
Unlike its predecessor malware, which is known as VPNFilter and was built to destroy specific computer systems, AcidRain was created as a multipurpose tool that could easily be used against a wide variety of targets, researchers said. In 2022, the Justice Department and the Federal Bureau of Investigation said that Russia’s G.R.U. was responsible for creating the VPNFilter malware.
The AcidRain malware is “a very generic solution, in the scariest sense of the word,” said Juan Andres Guerrero-Saade, a principal threat researcher at SentinelOne. “They can take this tomorrow and, if they want to do a supply chain attack against routers or modems in the U.S., AcidRain would work.”
U.S. officials have warned that Russia could carry out a cyberattack against U.S. critical infrastructure and have urged companies to strengthen their online defenses. The U.S. has also aided Ukraine in detecting and responding to Russian cyberattacks, the State Department said.
“As nations committed to upholding the rules-based international order in cyberspace, the United States and its allies and partners are taking steps to defend against Russia’s irresponsible actions,” said Secretary of State Antony J. Blinken, noting that the United States was providing satellite phones, data terminals and other connectivity equipment to Ukrainian government officials and critical infrastructure operators.
The United Kingdom said it would also continue to help Ukraine fend off cyberattacks. “We will continue to call out Russia’s malign behavior and unprovoked aggression across land, sea and cyberspace, and ensure it faces severe consequences,” said Liz Truss, the British foreign secretary.
“All the countries should unite their efforts to stop the assailant, to make it impossible for them to keep attacking and be held responsible for their actions,” a spokesperson for Ukraine’s security and intelligence service said in a statement about the attribution of the Viasat hack to Russia. “Only sanctions, coordinated activity, awareness of public institutions, businesses and citizens can aid us reach this goal and truly achieve peace in cyberspace.”