US, EU Blame Russia for Cyberattack on Satellite Modems in Ukraine
The European Union formally accused Russia of coordinating the cyberattack that hit satellite Internet modems in Ukraine on February 24, roughly one hour before Russia invaded Ukraine.
The attack targeted the KA-SAT consumer-oriented satellite broadband service operated by satellite communications provider Viasat.
It affected thousands of Ukrainian customers and tens of thousands of other broadband customers across Europe, according to Viasat.
The satellite internet outage also disconnected modems used to control roughly 5,800 wind turbines in Germany.
One week after the attack, Viasat confirmed that the satellite modems hit in the cyberattack were wiped using AcidRain data destroying malware.
EU and UK: Russia behind KA-SAT cyberattack
“The European Union and its Member States, together with its international partners, strongly condemn the malicious cyber activity conducted by the Russian Federation against Ukraine, which targeted the satellite KA-SAT network, operated by Viasat,” said Josep Borrell Fontelles, High Representative of the EU for Foreign Affairs and Security Policy and Vice-President of the European Commission.
“This cyberattack had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses and users in Ukraine, as well as affecting several EU Member States.”
UK’s Foreign, Commonwealth & Development Office also issued a statement today formally accusing Russia of being behind the February 24 cyberattack against Viasat modems in Ukraine.
“New UK and US intelligence suggests Russia was behind an operation targeting commercial communications company Viasat in Ukraine,” UK’s press release reads.
“Today’s announcement comes as cyber security leaders from the 5 Eyes, EU and international allies meet at the NCSC’s Cyber UK conference in Newport to discuss the cyber threats facing the world,”
US govt expected to release a statement later today
While the Biden administration is yet to release a statement aligned with that of its European allies, the US government revealed in March that it was investigating the Viasat hack as a potential Russian state-sponsored cyberattack.
At the time, the US National Security Agency (NSA) also mentioned an inter-agency and allied effort (including Ukrainian intelligence) to “assess the scope and severity of the incident.”
Following the attack, CISA and the FBI published a joint advisory warning US organizations of “possible threats” to satellite communication (SATCOM) networks in the US and worldwide.
“This unacceptable cyberattack is yet another example of Russia’s continued pattern of irresponsible behaviour in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine,” Fontelles added.
“Such behaviour is contrary to the expectations set by all UN Member States, including the Russian Federation, of responsible State behaviour and the intentions of States in cyberspace.”
Update: After this article was published, the US Department of State also published a statement attributing the cyberattack against Viasat internet modems in Ukraine to Russia (also updated the title to match this update).
Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries. The activity disabled very small aperture terminals in Ukraine and across Europe. This includes tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens. – US Dept of State