- The State Department joined U.K. and EU authorities in formally linking Russia to a series of cyberattacks that preceded the invasion of Ukraine, including an attack Feb. 24 against the KA-SAT network operated by Viasat, according to a statement from Secretary of State Antony Blinken released Tuesday.
- Authorities also blamed Russia for a series of distributed denial of service (DDoS) attacks, website defacements and attacks using destructive wiper malware against Ukraine targets in the weeks leading up to the invasion.
- SentinelOne researchers in late March attributed the Viasat attack to a malware strain called AcidRain, a destructive form of malware that wipes modems and routers.
The EU and U.K. set off a series of formal condemnations that blamed Russia for the wave of malicious attacks preceding the Ukraine invasion.
U.S. and European officials had warned for months about the potential use of cyber as means of asymmetric attack against military, government and critical infrastructure targets in Ukraine as well as Western allies linked the conflict. Authorities have also cautioned about the potential for spillover or more direct attacks against U.S. or NATO member countries.
Cybersecurity authorities from the Five Eyes countries as well as other European nations met Tuesday in the U.K. to strategize about how to respond to the cyberthreat. The formal attribution will raise further questions about how the U.S. or NATO will respond to such an attack.
The Viasat attack originally aimed to disrupt Ukraine military capabilities, authorities said, but quickly disrupted internet users and a major provider of alternative energy in Europe.
“The use of AcidRain against Viasat KA-SAT modem was one of the earliest attacks in the Russian invasion and perhaps the most significant attempt at reshaping the space for kinetic attacks by disabling some Ukrainian command-and-control capabilities,” Juan Andres Guerrero-Saade, principal threat researcher at SentinelOne, told Cybersecurity Dive via email.
Guerrero-Saade said AcidRain is designed to brute force its way through any embedded Linux system, like modems, routers and IoT devices, and SentinelOne researchers expect to see it used in future supply chain attacks as needed by the threat actor.
The Viasat attack hit thousands of computers, disrupting operations for wind farm turbines in Europe, satellite customers in Ukraine and fixed broadband customers in Europe.
The U.S. has repeatedly warned U.S. critical infrastructure providers that Russia might use cyber to retaliate for economic sanctions linked to the war effort. Ukraine authorities said malicious cyberattacks have more than doubled since the start of the invasion.