The European Union and the UK government accused Russia of conducting several hacks linked to its invasion in Ukraine, including one against a satellite provider of high-speed internet in Europe.
On Tuesday, the EU and the UK put out press releases officially attributing the Viasat hack to the Russian government.
“The European Union and its Member States, together with its international partners, strongly condemn the malicious cyber activity conducted by the Russian Federation against Ukraine, which targeted the satellite KA-SAT network, operated by Viasat,” read the press release from the EU.
The UK government accused Russia of several other attacks during the invasion of Ukraine, saying the attribution was based on “UK and US intelligence.”
“The UK’s National Cyber Security Centre (NCSC) assesses that the Russian Military Intelligence was almost certainly involved in the 13 January defacements of Ukrainian government websites and the deployment of Whispergate destructive malware. The NCSC also assesses that it is almost certain Russia was responsible for the subsequent cyber-attack impacting Viasat on 24 February,” the UK government’s press release read.
The release said the U.S. government “and other allies” also backed the accusation. When the EU and UK put out statements, no U.S. government agency had published any release yet.
A few hours later the U.S. State Department published its own statement.
“Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries,” the statement read.
The White House, and the office of the Director of National Intelligence, did not immediately respond to a request for comment.
The NSA referred questions to the White House National Security Council. The Cybersecurity and Infrastructure Security Agency (CISA) referred comments to the State Department.
“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” UK’s Foreign Secretary Lizz Truss was quoted as saying in the press release. “We will continue to call out Russia’s malign behaviour and unprovoked aggression across land, sea and cyberspace, and ensure it faces severe consequences.”
The Russian embassy in Washington D.C. did not immediately respond to a request for comment.
The hack against Viasat, which is a U.S. company, was launched right before Russia invaded Ukraine on February 24. The attack caused outages across Europe, including wind farms and internet users, according to the EU. It also hit government agencies, businesses, and users in Ukraine, according to the UK.
The attack was widely reported at the time and in the following weeks, but neither Viasat nor any government agency formally accused Russia. The Washington Post reported a month after the hack that the U.S. government believed Russia to be behind the hack, citing anonymous sources.
Do you have information about other hacks in Ukraine? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email email@example.com
Robert Lee, the founder of cybersecurity firm Dragos said that “attacking such systems can have lots of secondary and unknown third order impact such as the communications networks the wind farms in Europe use and it was a bold and reckless attack”
This is not the first time Western governments accused Russia of using cyberattacks in Ukraine. In April, the U.S. government along with its “Five Eyes” allies—Australia, Canada, New Zealand, and the UK—said in a statement that “Russian state-sponsored cyber operations included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.”
In response to the government's’ announcements, a Viasat spokesperson said: “We recognize international governments have identified who they believe to be responsible for the cyberattack on the KA-SAT network. We have and will continue to work closely with relevant law enforcement and governmental authorities as part of the ongoing investigation.”
Ukraine's State Service of Special Communications and Information Protection, did not immediately respond to a request for comment.
UPDATE, May 10, 11:45 a.m. ET: This story was updated to include the State Department’s statement.
UPDATE, May 10, 1:07 p.m. ET: This story was updated to include Viasat’s comment.
Subscribe to our cybersecurity podcast, CYBER.