The US and European Union on Tuesday claimed Russia was responsible for a cyberattack in February that crippled a satellite network in Ukraine and neighboring countries, disrupting communications and a wind farm used to generate electricity.
The February 24 attack unleashed wiper malware that destroyed thousands of satellite modems used by customers of communications company Viasat. A month later, security firm SentinelOne said an analysis of the wiper malware used in the attack found multiple technical similarities to VPNFilter, a piece of malware found on more than 500,000 home and small office modems in 2018. Numerous US federal government agencies attributed VPNFilter to Russian state threat actors.
Tens of hundreds of modems taken out by AcidRain
“Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and these actions had spillover impacts into other European nations,” US Secretary of State Antony Blinken wrote in a statement. “The activity disabled very small aperture terminals in Ukraine and throughout Europe. This includes tens of hundreds of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens.”
AcidRain, the name of the wiper analyzed by SentinelOne, is a previously unknown piece of malware. Consisting of an executable file for the MIPS hardware in Viasat modems, AcidRain is the seventh distinct piece of wiper malware associated with Russia’s ongoing invasion of Ukraine. Wipers destroy data on hard drives in a way that cannot be reversed. In most cases, they render devices or entire networks completely unusable.
SentinelOne researchers said they found “non-trivial” but ultimately “inconclusive” developmental similarities between AcidRain and “dstr,” the name of a wiper module in VPNFilter. The resemblances included a 55 percent code similarity as measured by a tool known as TLSH, similar section header strings tables, and the “storing of the previous syscall number to a global location before a new syscall.”
Viasat officials said at the time that the SentinelOne analysis and findings were consistent with the outcome of their own investigation.
One of the first signs of the hack occurred when more than 5,800 wind turbines belonging to the German energy company Enercon were knocked offline. The outage didn’t stop the turbines from spinning, but it prevented engineers from remotely resetting them. Enercon has since managed to get most of the affected turbines back online and replace the satellite modems.
“The cyberattack took place one hour before Russia’s unprovoked and unjustified invasion of Ukraine on 24 February 2022 thus facilitating the military aggression,” EU officials wrote in an official statement. “This cyberattack had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, companies and users in Ukraine, as well as affecting various EU Member States.”
In a separate statement, British Foreign Secretary Liz Truss said: “This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe.”
Repeat cyber offender
The cyberattack was one of many Russia has carried out against Ukraine over the past eight years. In 2015 and again in 2016, hackers working for the Kremlin caused electricity blackouts that left hundreds of thousands of Ukrainians without heat during one of the coldest months.
Starting around January 2022, in the lead-up to Russia’s invasion of its neighboring country, Russia unleashed a host of other cyberattacks against Ukrainian targets, including a series of distributed denial-of-service attacks, website defacements, and wiper attacks.
Besides the two attacks on Ukrainian electricity infrastructure, evidence shows Russia is also responsible for NotPetya, another disk wiper that was released in Ukraine and later spread around the world, where it caused an estimated $10 billion in damage. In 2018, the US sanctioned Russia for the NotPetya attack and interference in the 2016 election.
Critics have long said that the US and its allies did not do enough to punish Russia for NotPetya or the 2015 or 2016 attacks on Ukraine, which remain the only known real-world hacks to knock out electricity.