E.U. Blames Russia for Cyberattack on KA-SAT Satellite Network Operated by Viasat

The Five Eyes nations comprising Australia^[1], Canada^[2], New Zealand^[3], the U.K.^[4], and the U.S.^[5], along with Ukraine and
the European Union, formally pinned Russia for masterminding an
attack on an international satellite communication (SATCOM^[6]) provider that had
“spillover” effects across Europe.

The cyber offensive^[7], which took place one
hour before the Kremlin’s military invasion of Ukraine on February
24, targeted the KA-SAT satellite network operated by
telecommunications company Viasat, crippling the operations of wind
farms and internet users in central Europe.

Viasat, in late March, disclosed^[8]
that it had shipped nearly 30,000 modems to distributors to restore
service to customers whose modems were rendered unusable.

“This cyberattack had a significant impact causing
indiscriminate communication outages and disruptions across several
public authorities, businesses and users in Ukraine, as well as
affecting several E.U. Member States,” the Council of the European
Union said^[9].

Calling it a deliberate and unacceptable cyberattack, the
nations pointed fingers at Russia for its “continued pattern of
irresponsible behavior in cyberspace, which also formed an integral
part of its illegal and unjustified invasion of Ukraine.”

The U.S. State Department said the digital assaults against
commercial satellite communications networks were orchestrated to
disrupt Ukrainian military command-and-control capabilities during
the invasion.

An analysis from cybersecurity firm SentinelOne published last
month revealed that the intrusion aimed at Viasat involved the use
of a data-wiping malware dubbed AcidRain^[10] that’s designed to
remotely sabotage tens of thousands of vulnerable modems.

Furthermore, the discovery unearthed similarities between
AcidRain and “dstr,” a third-stage wiper module in VPNFilter^[11], a botnet malware
previously attributed to Russia’s Sandworm group^[12].

Besides the Viasat attacks, Australia and Canada also blamed the
Russian government for targeting the Ukrainian banking sector in
February 2022, COVID-19 vaccine research and development in 2020,
and interfering in Georgia’s 2020 parliamentary elections.

The attribution comes as Ukraine has been at the receiving end
of a number of destructive^[13] attacks^[14] directed at public and
private sector networks since the start of the year, launched as
part of Russia’s “hybrid” warfare strategy in concert with ground
warfare.

The U.K.’s National Cyber Security Centre (NCSC) noted that
Russian military intelligence agencies were “almost certainly”
involved in the deployment of WhisperGate^[15] wiper malware and the
defacements of several Ukrainian websites in January 2022.

AcidRain and WhisperGate are part of a long list of data wiper
strains that has hit Ukraine in recent months, which also includes
HermeticWiper^[16] (FoxBlade^[17] aka KillDisk), IssacWiper^[18] (Lasainraw), CaddyWiper^[19], DesertBlade^[20], DoubleZero^[21] (FiberLake), and
Industroyer2^[22].

“Russian hackers have been waging war against Ukraine in the
cyberspace for the past eight years,” the State Service for Special
Communication and Information Protection of Ukraine (SSSCIP)
said^[23] in a statement, adding
they “pose a threat not only to Ukraine, but to the whole
world.”

“Their purpose is to damage and destroy, to wipe out data, to
deny Ukrainian citizens’ access to public services as well as to
destabilize [the] situation in the country, to spread panic and
distrust in the authorities among the people.”