The attack came before the invasion launched by President Vladimir V. Putin on February 24. Photo Kirill Kudryavtsev/Agence France-Presse-Getty Images
WASHINGTON-A cyberattack that shattered satellite communications in Ukraine in the hours before the Feb. 24 attack was the work of the Russian government, the United States and European countries declared on Tuesday, officially blaming an attack which upset Pentagon officials. and representatives of private industry as it revealed something new weaknesses in global communication systems.
In a consolidated set of statements, the governments blamed Moscow but did not explicitly name the organization that had made the sophisticated effort to block communications Ukrainian
The head of foreign policy of the European Union, Josep Borrell, gives a press conference after a meeting ,. Photo by AP/Olivier Matthys
But U.S. officials, who spoke on condition of anonymity about the details of the findings, said it was the Russian military intelligence agency, the GRUthe same group responsible for hacking the Democratic National Committee in 2016 and a series of attacks against the US and Ukraine.
“This unacceptable cyber attack is another example of Russia’s ongoing pattern of irresponsible behavior in cyberspace, which has also been an integral part of its illegal and unreasonable aggression in Ukraine,” Josep Borrell said. Fontelles, the European Union’s top diplomat, in a statement. free.
“Cyber attacks targeting Ukraine, including against critical infrastructure, could spread to other countries and cause systematic effect which threatens the security of the peoples of Europe ”.
The attack targeted a system operated by Viasat, a California company that provides high-speed satellite communication services, and heavily used by the Ukrainian government.
The attack came weeks after several Ukrainian government websites were attacked by software. “janitor” which destroys the data.
The Viasat attack appeared to be intended to disrupt Ukraine’s command and control over its troops in the critical first hours of Russia’s aggression, U.S. and European officials said.
The hack also disconnected thousands of civilians in Ukraine and across Europe from the Internet. He even prevented the operation of thousands wind turbines in Germany to rely on Viasat technology to monitor conditions and control the turbine network.
Viasat immediately launched an investigation and called Mandiant, the cybersecurityto write a report.
Although Viasat published the preliminary findings in March, more in-depth studies have not been made public.
However, the initial conclusions are surprising:
to shut down satellites in space, hackers no longer had to attack the satellites themselves.
Instead, they focus on terrestrial Modem, devices that interact with satellites.
A senior government official said the weakness of those systems was “a call to attention“, raising concerns with the Pentagon and U.S. intelligence agencies, which fear Russia or China could exploit similar vulnerabilities to other critical communication systems.
U.S. and European officials have warned that cyber weapons are often unpredictable, and the growing disruptions caused by the Viasat hack have shown how quickly a cyber attack can spread beyond its intended targets. .
In 2017, a Russian cyber attack on Ukraine, called NotPetya, quickly spread around the world and disrupted the operations of Maerskthe Danish shipping conglomerate, and other large companies.
Like other attacks on critical infrastructure, such as the Colonial Pipeline hack in 2021, the Viasat hack revealed vulnerabilities in an important service being exploited by Russian hackers. without much technical sophistication.
The attack on the Colonial Pipeline led to the only face-to-face meeting between the presidents Joe Biden and the president Vladimir Putin of Russia, in Geneva in June.
At that meeting, Biden warned Putin against ransomware or other attacks on critical U.S. infrastructure.
But the Viasat attack, while targeting a U.S. company, did not reach U.S. shores.
Officials in the United States and Ukraine have long believed Russia was responsible for the Viasat cyberattack, but have not formally “linked” the incident to Russia.
Although US officials have long reached their conclusions, they want European countries to take the initiativebecause the attack had a major impact on Europe but not on the United States.
Statements released on Tuesday stopped naming a hacking group established by Russia specifically for attack coordination, an unusual omission because the United States regularly discloses information about specific intelligence services responsible for attacks, in part to show its visibility to the Russian government.
“We have and will continue to work closely with the relevant government and law enforcement authorities as part of the ongoing investigation,” said Dan Bleier, a spokesman for Viasat.
Mandiant, the cybersecurity firm Viasat hired to investigate, declined to comment on its findings.
But researchers at cybersecurity firm SentinelOne believe the Viasat hack was most likely the work of GRU, Russia’s military intelligence unit.
The malware used in the attack, known as Acid Rainshared significant similarities to other malware previously used by GRU, SentinelOne researchers said.
Unlike its predecessor malware, known as VPNFilter and created to destroy targeted computer systems, AcidRain was created as a multipurpose tool which is handy against a wide variety of targets, the researchers said.
In 2018, the Justice Department and the FBI said Russia’s GRU was responsible for creating the VPNFilter malware.
AcidRain malware is “a very generic solution, for the most part scary of the word, ”said Juan Andrés Guerrero-Saade, senior threat investigator at SentinelOne.
“You can pick it up tomorrow and if you want to conduct a supply chain attack against routers or modems in the US, AcidRain will work.”
U.S. officials warned Russia could conduct a cyberattack against critical U.S. infrastructure and urged companies to strengthen their defenses online.
The United States has also helped Ukraine detect and respond to Russia’s cyberattacks, the State Department said.
“While countries have pledged to promote guidelines based on international order in cyberspace, the United States and its allies and partners are taking steps to defend against Russia’s irresponsible actions,” the United States said. Secretary of State. Anthony J. Blinkennoted that the United States provides satellite phones, data terminals and other connecting equipment to Ukrainian government officials and critical infrastructure operators.
The UK said it would also continue to help Ukraine defend against cyber attacks.
“We will continue to condemn the behavior bad and Russia’s relentless aggression on land, sea and cyberspace, and we will make sure it faces serious consequences, ”said Liz Truss, the British Foreign Secretary.
“All countries must unite in their efforts to deter the aggressor, to make it impossible for him to continue the attack and to assume responsibility for his actions,” a spokesman for security said. and Ukraine’s intelligence service in a statement about linking the Viasat hack. to Russia.
“Only sanctions, coordinated activity, the awareness of public institutions, companies and citizens can help us achieve this goal and truly achieve peace in cyberspace.”
c.2022 The New York Times Company
Source: Clarin
