US and EU Officials Attribute Viasat Cyber Attack to Russia
Russia is responsible for cyber attacks against commercial satellite communications networks in late February to disrupt Ukraine’s command and control efforts at the outset of Russia’s invasion of the country, the U.S. government and European Union (EU) said on Tuesday.
The cyber attack also impacted other countries in Europe by disabling very small aperture terminals in Ukraine and Europe, including “tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens,” Secretary of State Antony Blinken said in a statement.
Commercial communications satellite provider Viasat in late March confirmed it’s KA-SAT network had been attacked on Feb. 24, the same day Russia launched its invasion of Ukraine. The company said that the attack “resulted in a partial interruption of KA-SAT’s consumer-oriented satellite broadband service. While most users were unaffected by the incident, the cyber attack did impact several thousand customers located in Ukraine and tens of thousands of other fixed broadband customers across Europe.”
A statement by the EU said the cyber-attack occurred one hour prior to the start of Russia’s “unprovoked and unjustified invasion.”
In addition to the attack on the satellite services, Blinken said beginning in January and continuing to this day, Russia has conducted a range of other “disruptive cyber operations” against Ukraine, including defacing websites, distributed denial-of-service attacks, and deleting data from government and private computers.
“For example, the United States has assessed that Russian military cyber operators have deployed multiple families of destructive wiper malware, including WhisperGate, on Ukrainian government and private sector networks.”
Blinken said the U.S. is helping Ukraine identify and recover from cyber-attacks and incidents and is providing the government, essential services providers and critical infrastructure operators with satellite phones and data terminals.
A separate statement by the State Department’s Office of the Spokesperson outlines ongoing U.S. support for Ukraine’s connectivity and cyber defenses, including briefings by the FBI to Ukraine on Russian intelligence services’ cyber operations, cyber threat information sharing, help disrupting Russian disinformation. Other assistance includes the Department of Energy helping to integrate Ukraine’s energy grid with the European Network of Transmission System Operators for Electricity to include bolstering cybersecurity, and the U.S. Agency for International Development (USAID) funding technical experts to support Ukrainian government essential service providers to ferret out malware and bring systems back online after an attack.
“USAID and the Department of State are also exploring new mechanisms to leverage the services offered by U.S. and Ukrainian cybersecurity service providers to support and reinforce the Government of Ukraine’s own cyber defense efforts,” the statement said.
The State Department also highlighted operational help by U.S. Cyber Command between December 2021 and February 2022 conducting “defensive cyber operations alongside Ukrainian Cyber Command personnel” to boost cyber resilience of networks.
“Cyber professionals from both countries sat side by side, looking for adversary activity and identifying vulnerabilities,” the statement said. “In addition to this effort, the team provided remote analytics and advisory support aligned to critical networks from outside Ukraine.”