The United States, the United Kingdom and the European Union have officially accused the Russian government of carrying out a cyber attack on satellite communication supplier viasat in February, which triggered the failure of the whole central and Eastern Europe a few hours before Russia launched its invasion of Ukraine. "The EU and its Member States, together with international partners, strongly condemn the malicious network activities of the Russian Federation against Ukraine, which target the ka-sat satellite network operated by viasat," the EU said in a joint statement
The EU blamed Russia for the attack. Although the main target of the attack is considered to be the Ukrainian military, which is heavily dependent on satellite communications, the attack on February 24 also affected the Internet services of thousands of viasat customers in Ukraine and thousands of customers across Europe. The attack also cut off remote access to about 5800 wind turbines across Germany, which rely mainly on viasat routers for remote monitoring and control.
A few months later, the attack on the viasat network remained unresolved. Viasat said the cyber attack also damaged tens of thousands of irreparable terminals. In its latest analysis of the incident, viasat said that so far, service providers have provided customers with nearly 30000 routers in an effort to bring them back online.
The EU continued: "this unacceptable cyber attack is another example of Russia's continuing irresponsible pattern of behavior in cyberspace, which also constitutes an integral part of its illegal and unreasonable invasion of Ukraine." the EU added that the group was "considering taking further measures to prevent, deter, contain and respond to such malicious acts."
The National Cyber Security Center said in a statement that military intelligence showed that it was "almost certain" that Russia was behind the destruction of the Ukrainian government website in January and the deployment of whisper destructive malware before the invasion.
Weeks before officially determining the source of the viasat cyber attack, sentinelone researchers said the incident was likely the result of a new type of brush malware in Russia called "acidrain", which aims to remotely erase vulnerable modems. Viasat confirmed that these findings were "consistent" with its own analysis of the attack.
Sentinellabs noted the similarities between acidrain and vpnfilter malware, which the FBI attributed to the Russian military intelligence service in 2018, known as "fancy bear" - or apt28 - hacker organization. Recently, the U.S. National Security Agency and CISA linked the activity to sandform, which was accused of carrying out a series of attacks within five years, including destructive notpetya cyber attacks against hundreds of companies and hospitals around the world. Both apt28 and sandform are related to the Russian military intelligence agency Gru.