Threat Management, Threat Management, Governance, Risk and Compliance

UK, US and EU attribute Viasat hack against Ukraine to Russia

The U.S., U.K. and E.U. condemned Russia for a February cyberattack on the Viasat KA-SAT internet service in Ukraine. Pictured: Vira Moisenko mourns after being handed the Ukrainian flag from the coffin during the funeral of her husband Olexandr Moisenko in the Field of Mars at Lychakiv cemetery on May 10 in Lviv, Ukraine. (Photo by Leon Neal/Getty...

The European Union, United States and United Kingdom condemned Russia for February's destructive cyberattack on the Viasat KA-SAT internet service, formally attributing the attack to Moscow.

"The European Union and its Member States, together with its international partners, strongly condemn the malicious cyber activity conducted by the Russian Federation against Ukraine, which targeted the satellite KA-SAT network, operated by Viasat," the EU wrote in a statement issued Tuesday.

The U.K. said in a statement that its National Cyber Security Centre assessed Russia "was almost certainly involved" in not only in Viasat but also the Whispergate wiper attacks — one of four wiper strains launched against Ukraine this year — and in a set of Ukrainian website defacements.

Leaders from the European Union, the Five Eyes alliance of the U.S., U.K., Australia, Canada and New Zealand, and other international partners are currently meeting in Newport, England, to discuss cybersecurity.

The Viasat attack took place a week before the invasion of Ukraine, destroying the satellite modems used by subscribers, including the Ukrainian military. Satellite modems offer connectivity for smart weapons systems. But KA-SAT also provided service for affected customers around Europe, including windfarms in Germany.

Most observers suspected that Russia was behind the attack. Though multiple infection vectors have been proposed to explain how KA-SAT modems received a malicious firmware update, researchers at SentinelLabs found samples of malware that would have done the trick with similarities to malware used by Russia in the past. While Russia has been linked both formally and informally to cyberattacks regarding Ukraine throughout the war, Viasat is the only destructive attack so far to show widespread spillover outside of Ukraine (though early wiper attacks that may be linked to the war reached a small number of systems in Latvia and Lithuania.

According to the U.K. release, the attribution is based on "new evidence."

"This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe," said U.K. Foreign Secretary Liz Truss.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.