Dive Brief:
- The State Department joined U.K. and EU authorities in formally linking Russia to a series of cyberattacks that preceded the invasion of Ukraine, including an attack Feb. 24 against the KA-SAT network operated by Viasat, according to a statement from Secretary of State Antony Blinken released Tuesday.
- Authorities also blamed Russia for a series of distributed denial of service (DDoS) attacks, website defacements and attacks using destructive wiper malware against Ukraine targets in the weeks leading up to the invasion.
- SentinelOne researchers in late March attributed the Viasat attack to a malware strain called AcidRain, a destructive form of malware that wipes modems and routers.
Dive Insight:
The EU and U.K. set off a series of formal condemnations that blamed Russia for the wave of malicious attacks preceding the Ukraine invasion.
U.S. and European officials had warned for months about the potential use of cyber as a means of asymmetric attack against military, government and critical infrastructure targets in Ukraine as well as Western allies linked to the conflict. Authorities have also cautioned about the potential for spillover or more direct attacks against U.S. or NATO member countries.
Cybersecurity authorities from the Five Eyes countries as well as other European nations met Tuesday in the U.K. to strategize about how to respond to the cyberthreat. The formal attribution will raise further questions about how the U.S. or NATO will respond to such an attack.
The Viasat attack originally aimed to disrupt Ukraine military capabilities, authorities said, but quickly disrupted internet users and a major provider of alternative energy in Europe.
“The use of AcidRain against Viasat KA-SAT modem was one of the earliest attacks in the Russian invasion and perhaps the most significant attempt at reshaping the space for kinetic attacks by disabling some Ukrainian command-and-control capabilities,” Juan Andres Guerrero-Saade, principal threat researcher at SentinelOne, told Cybersecurity Dive via email.
Guerrero-Saade said AcidRain is designed to brute force its way through any embedded Linux system, like modems, routers and IoT devices, and SentinelOne researchers expect to see it used in future supply chain attacks as needed by the threat actor.
The Viasat attack hit thousands of computers, disrupting operations for wind farm turbines in Europe, satellite customers in Ukraine and fixed broadband customers in Europe.
The U.S. has repeatedly warned U.S. critical infrastructure providers that Russia might use cyber to retaliate for economic sanctions linked to the war effort. Ukraine authorities said malicious cyberattacks have more than doubled since the start of the invasion.