WASHINGTON — A cyberattack that knocked out satellite communications in Ukraine in the hours before the Feb. 24 invasion was the work of the Russian government, the United States and European nations declared Tuesday, officially laying the blame for an attack that unsettled Pentagon officials and private industry representatives because it revealed new vulnerabilities in global communications systems.
In a coordinated set of statements, the governments blamed Moscow but did not explicitly name the organization that carried out the sophisticated effort to block Ukrainian communications.
The head of foreign policy of the European Union, Josep Borrell, gives a press conference after a meeting. AP Photo/Olivier Matthys
But the US officials, who spoke on condition of anonymity about details of the findings, said it was the Russian military intelligence agency, the GRU, the same group responsible for hacking the Democratic National Committee in 2016 and a series of attacks against the US and Ukraine.
“This unacceptable cyber attack is yet another example of Russia’s continuing pattern of irresponsible behavior in cyberspace, which was also an integral part of its illegal and unwarranted invasion of Ukraine,” Josep Borrell Fontelles, the European Union’s top diplomat, said in a statement.
“Cyber attacks targeting Ukraine, including against critical infrastructure, could spread to other countries and cause systemic effects that endanger the security of the citizens of Europe.”
The attack targeted a system run by Viasat, a California company that provides high-speed satellite communication services, and was heavily used by the Ukrainian government.
The attack came a few weeks after some Ukrainian government websites were attacked with “wiper” software, which destroys data.
The Viasat attack appeared intended to disrupt Ukraine’s command and control of its troops during the critical first hours of Russia’s invasion, US and European officials said.
The hack also disconnected thousands of civilians in Ukraine and across Europe from the Internet. It even thwarted the operation of thousands of wind turbines in Germany that relied on Viasat technology to monitor conditions and control the turbine network.
Viasat immediately launched an investigation and called in Mandiant, the cybersecurity firm, to write a report.
Although Viasat published initial findings in March, the deeper studies have not been made public.
Nonetheless, those initial conclusions were surprising:
To shut down space satellites, hackers never had to attack the satellites themselves.
Instead, they focused on terrestrial modems, devices that communicated with satellites.
A senior government official said the vulnerability of those systems was “an attention call,” raising concerns in the Pentagon and US intelligence agencies, who fear that Russia or China could exploit similar vulnerabilities in other critical communications systems.
US and European officials have warned that cyber weapons are often unpredictable, and the expanding disruptions caused by the Viasat hack demonstrated how quickly a cyber attack can spread beyond its intended targets.
In 2017, a Russian cyber attack in Ukraine, called NotPetya, quickly spread around the world and disrupted the operations of Maersk, the Danish shipping conglomerate, and other major companies.
Like other attacks on critical infrastructure, such as the Colonial Pipeline hack in 2021, the Viasat hack revealed a weakness in an essential service that was exploited by Russian hackers without much technical sophistication.
The attack on the Colonial Pipeline led to the only face-to-face meeting between President Joe Biden and President Vladimir Putin of Russia, in Geneva in June.
During that meeting, Biden warned Putin against ransomware or other attacks on critical US infrastructure.
But the Viasat attack, while targeting a US company, did not touch US shores.
Officials in the United States and Ukraine had long believed that Russia was responsible for the Viasat cyberattack, but had not formally “attributed” the incident to Russia.
Although US officials reached their conclusions long ago, they wanted European nations to take the initiative, as the attack had significant repercussions in Europe but not in the United States.
Statements released Tuesday stopped short of naming a particular Russian-sponsored hacking group as having orchestrated the attack, an unusual omission, as the United States has routinely disclosed information about the specific intelligence services responsible for attacks, in part to demonstrate its visibility into the Russian government.
“We have and will continue to work closely with relevant government and law enforcement authorities as part of the ongoing investigation,” said Viasat spokesman Dan Bleier.
Mandiant, the cybersecurity firm Viasat hired to investigate, declined to comment on its findings.
But researchers at the cybersecurity firm SentinelOne believed the Viasat hack was likely the work of the GRU, Russia’s military intelligence unit.
The malware used in the attack, known as AcidRain, shared significant similarities with other malware previously used by the GRU, SentinelOne researchers said.
Unlike its predecessor malware, which is known as VPNFilter and was created to destroy targeted computer systems, AcidRain was created as a multipurpose tool that could easily be used against a wide variety of targets, the researchers said.
In 2018, the Justice Department and the FBI said that Russia’s GRU was responsible for creating the VPNFilter malware.
AcidRain malware is “a very generic solution, in the most scary sense of the word,” said Juan Andrés Guerrero-Saade, senior threat investigator at SentinelOne.
“You can take this tomorrow and if you want to do a supply chain attack against routers or modems in the US, AcidRain would work.”
US officials have warned that Russia could carry out a cyberattack against critical US infrastructure and urged companies to strengthen their defenses online.
The United States has also helped Ukraine detect and respond to Russian cyberattacks, the State Department said.
“As nations have pledged to uphold the rules-based international order in cyberspace, the United States and its allies and partners are taking steps to defend against Russia’s irresponsible actions,” Secretary of State Antony J. Blinken said, noting that the United States was providing satellite phones, data terminals and other connectivity equipment to Ukrainian government officials and critical infrastructure operators.
The UK said it would also continue to help Ukraine defend against cyber attacks.
“We will continue to denounce the evil behavior and Russia’s unprovoked aggression on land, sea and cyberspace, and we will make sure it faces serious consequences,” said Liz Truss, the British Foreign Secretary.
“All countries must unite their efforts to stop the aggressor, to make it impossible for him to continue attacking and to take responsibility for his actions,” a spokesman for Ukraine’s security and intelligence service said in a statement about attributing the Viasat hack to Russia.
“Only sanctions, coordinated activity, the awareness of public institutions, companies and citizens can help us achieve this goal and truly achieve peace in cyberspace.”
c.2022 The New York Times Company