Front page layout
Sign up or login to join the discussions!
Dan Goodin –
The US and European Union on Tuesday said Russia was responsible for a cyberattack in February that crippled a satellite network in Ukraine and neighboring countries, disrupting communications and a wind farm used to generate electricity.
“Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries,” US Secretary of State Antony Blinken wrote in a statement. “The activity disabled very small aperture terminals in Ukraine and across Europe. This includes tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens.”
SentinelOne researchers said they found “non-trivial” but ultimately “inconclusive” developmental similarities between AcidRain and “dstr,” the name of a wiper module in VPNFilter. The resemblances included a 55 percent code similarity as measured by a tool known as TLSH, identical section header strings tables, and the “storing of the previous syscall number to a global location before a new syscall.”
Viasat officials said at the time that the SentinelOne analysis and findings were consistent with the outcome of their own investigation.
One of the first signs of the hack occurred when more than 5,800 wind turbines belonging to the German energy company Enercon were knocked offline. The outage didn’t stop the turbines from spinning, but it prevented engineers from remotely resetting them. Enercon has since managed to get most of the affected turbines back online and replace the satellite modems.
“The cyberattack took place one hour before Russia’s unprovoked and unjustified invasion of Ukraine on 24 February 2022 thus facilitating the military aggression,” EU officials wrote in an official statement. “This cyberattack had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses and users in Ukraine, as well as affecting several EU Member States.”
In a separate statement, British Foreign Secretary Liz Truss said: “This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe.”
Starting around January 2022, in the lead-up to Russia’s invasion of its neighboring country, Russia unleashed a host of other cyberattacks against Ukrainian targets, including a series of distributed denial-of-service attacks, website defacements, and wiper attacks.
Besides the two attacks on Ukrainian electricity infrastructure, evidence shows Russia is also responsible for NotPetya, another disk wiper that was released in Ukraine and later spread around the world, where it caused an estimated $10 billion in damage. In 2018, the US sanctioned Russia for the NotPetya attack and interference in the 2016 election.
Critics have long said that the US and its allies didn’t do enough to punish Russia for NotPetya or the 2015 or 2016 attacks on Ukraine, which remain the only known real-world hacks to knock out electricity.
You must login or create an account to comment.
Join the Ars Orbital Transmission mailing list to get weekly updates delivered to your inbox.
WIRED Media Group
Your California Privacy Rights | Do Not Sell My Personal Information
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast.