The Five Eyes nations comprising Australia, Canada, New Zealand, the U.K., and the U.S., along with Ukraine and the European Union, formally pinned Russia for masterminding an attack on an international satellite communication (SATCOM) provider that had “spillover” effects across Europe.
The cyber offensive, which took place one hour before the Kremlin’s military invasion of Ukraine on February 24, targeted the KA-SAT satellite network operated by telecommunications company Viasat, crippling the operations of wind farms and internet users in central Europe.
Viasat, in late March, disclosed that it had shipped nearly 30,000 modems to distributors to restore service to customers whose modems were rendered unusable.
“This cyberattack had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses and users in Ukraine, as well as affecting several E.U. Member States,” the Council of the European Union said.
Calling it a deliberate and unacceptable cyberattack, the nations pointed fingers at Russia for its “continued pattern of irresponsible behavior in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine.”
The U.S. State Department said the digital assaults against commercial satellite communications networks were orchestrated to disrupt Ukrainian military command-and-control capabilities during the invasion.
An analysis from cybersecurity firm SentinelOne published last month revealed that the intrusion aimed at Viasat involved the use of a data-wiping malware dubbed AcidRain that’s designed to remotely sabotage tens of thousands of vulnerable modems.
Furthermore, the discovery unearthed similarities between AcidRain and “dstr,” a third-stage wiper module in VPNFilter, a botnet malware previously attributed to Russia’s Sandworm group.
Besides the Viasat attacks, Australia and Canada also blamed the Russian government for targeting the Ukrainian banking sector in February 2022, COVID-19 vaccine research and development in 2020, and interfering in Georgia’s 2020 parliamentary elections.
The attribution comes as Ukraine has been at the receiving end of a number of destructive attacks directed at public and private sector networks since the start of the year, launched as part of Russia’s “hybrid” warfare strategy in concert with ground warfare.
The U.K.’s National Cyber Security Centre (NCSC) noted that Russian military intelligence agencies were “almost certainly” involved in the deployment of WhisperGate wiper malware and the defacements of several Ukrainian websites in January 2022.
AcidRain and WhisperGate are part of a long list of data wiper strains that has hit Ukraine in recent months, which also includes HermeticWiper (FoxBlade aka KillDisk), IssacWiper (Lasainraw), CaddyWiper, DesertBlade, DoubleZero (FiberLake), and Industroyer2.
“Russian hackers have been waging war against Ukraine in the cyberspace for the past eight years,” the State Service for Special Communication and Information Protection of Ukraine (SSSCIP) said in a statement, adding they “pose a threat not only to Ukraine, but to the whole world.”
“Their purpose is to damage and destroy, to wipe out data, to deny Ukrainian citizens’ access to public services as well as to destabilize [the] situation in the country, to spread panic and distrust in the authorities among the people.”