UK blames Russia for satellite internet hack at start of war
- Published
Russia was behind a cyber-attack targeting American commercial satellite internet company Viasat, UK and US intelligence suggests.
The attack began about an hour before Russia invaded Ukraine, on 24 February.
It caused outages for several thousand Ukrainian customers - and affected windfarms and internet users in Central Europe.
Officials have long believed Russia was to blame but lacked the evidence to say so publicly.
Viasat provides high-speed satellite broadband to commercial and military customers.
The company has previously said "tens of thousands of terminals" were damaged beyond repair, in the cyber-attack, though its core network infrastructure and the satellite itself remained unscathed.
'Almost certain'
Now, a joint announcement by the EU, UK, US and other allies confirms long-held suspicions the primary target was the Ukrainian military.
And the UK's National Cyber Security Centre (NCSC) said it was "almost certain" Russia was behind the attack.
Explaining the decision to publicly identify Russia, NCSC chief executive Lindy Cameron told BBC news: "It is important to challenge the ability to do this with impunity."
Significant and destructive operation shows Russia's abilities
The war in Ukraine has seen the most sustained offensive cyber-operations one country has launched against another, a British intelligence official says.
Some were surprised there was not more evidence of destructive attacks when the invasion began.
But it has taken time for a fuller picture to emerge - such as this major attack on satellite communications now linked to Russia.
Directly in support of military operations, this attack also spilled over to other countries.
So far though, Russia has not launched wider attacks against Western targets.
And one reason we may not have seen the scale of destructive activity inside Ukraine that some predicted, the intelligence official says, is Russia's offense came up against a country that had worked hard on its defences and could see off many of the attacks.
At the NCSC Cyber UK event, operations director Paul Chichester told me the Russians, for the past few years, had been making Ukrainians "match-fit".
Russian military intelligence - the GRU - had been involved in the 13 January defacements of Ukrainian government websites and attacks using a type of destructive malware called Whispergate in the same month, it added.
Whispergate was deployed in the months before the conflict, against organisations in Ukraine, in an effort to "to destroy computer systems and render them inoperable", according to the US Cybersecurity and Infrastructure Security Agency, external.
The UK has already sanctioned the GRU, after a nerve-agent attack in Salisbury, Wilts, left one person dead and several others seriously ill.
Foreign Secretary Liz Truss said in a statement accompanying the announcement: "This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe."
Viasat told the BBC "We recognize international governments have identified who they believe to be responsible for the cyberattack on the KA-SAT network.
"We have and will continue to work closely with relevant law enforcement and governmental authorities as part of the ongoing investigation".
War in Ukraine: More coverage
- Published25 March 2022
- Published1 March 2022