Russia hacked an American satellite company one hour before the Ukraine invasion
Officials from the US and UK said today that Russian government hackers targeted Viasat, an American satellite company, just an hour before Russian troops invaded Ukraine. The operation caused a significant and immediate loss of communication for the Ukrainian military, which relied on Viasat services to command and control its armed forces.
The Viasat hack was the largest known attack of the war. Juan Andres Guerrero-Saade, a threat analyst at cybersecurity firm SentinelOne, said that it was the first real-world example of how cyberattacks can be targeted and timed to amplify military forces by disrupting or even destroying enemy technology.
The attack, on February 24, launched destructive “wiper” malware called AcidRain against Viasat modems and routers, quickly erasing all the data on the system. The machines were then rebooted and permanently disabled. This effectively destroyed thousands of terminals.
Guerrero-Saade, who was at the forefront of researching AcidRain, says that AcidRain is more versatile than previous malware used by Russia.
“What’s most concerning about AcidRain is that they have removed all safety checks,” he says. “With previous wipers the Russians were careful not to execute on certain devices. These safety checks are no longer necessary and the force is brute-forcing. They have a capability that they can reuse.”
Experts say that this attack is typical of the “hybrid war strategy” used by Moscow. It was launched simultaneously with the ground invasion. According to Microsoft research, this exact type of coordination between Russian cyber operations and military forces has been observed at least six times. This underscores the growing role of cyber in modern warfare.
“Russia’s coordinated and devastating cyberattack before the invasion in Ukraine shows that cyberattacks can be used strategically and actively in modern-day warfare, even though the threat and consequences are not always easily visible to the public,” Morten Bodskov, the Danish defense minister, said in a statement. Cyberattacks are constantly evolving. Cyberattacks can cause severe damage to our critical infrastructure with fatal consequences.
In this case, the damage from Ukraine spilled over to thousands of internet users and wind farms in central Europe. The implications are even more severe: Viasat collaborates with the US military and its partners around the world.
“Obviously, the Russians messed up,” Guerrero-Saade says. “I don’t believe they intended to cause so much splash damage and get involved with the European Union. They gave the EU a pretext to react by having 5,800 German wind turbines and others around the EU impacted.”
Just a few hours before AcidRain began its destructive work against Viasat, Russian hackers used another wiper, called HermeticWiper, against Ukrainian government computers. The playbook was very similar, except that instead of satellite communications, the targets of the Russian hackers were Windows machines on networks that would have been crucial for the government in Kyiv to mount an effective resistance.
It is not clear how effective these attacks were. A senior Ukrainian official said the Viasat hack resulted in a “huge loss in communications in the very beginning of the war” but offered no detail.
Cyber supports military operations, but we won’t have a complete view of all the operations during this war. AcidRain’s construction makes it clear that we will see it again.