NCSC Confirms Russia Responsible For Viasat Hack

Russia was responsible for the cyberattack on the US-based Viasat communication systems – an hour before it illegally invaded Ukraine on 24 February 2022.

This is according to both US and UK intelligence officials. The attack caused outages for thousands of Ukrainian officials and customers, and also impacted Viasat customers in central Europe as well.

The UK’s National Cyber Security Centre (NCSC) announced Russia was “almost certainly responsible” for the attack, and it seems as though the attack was designed to hamper Ukraine’s military response to the invasion.

Viasat attack

Russia has been behind a series of cyber attacks since the start of the renewed invasion of Ukraine, NCSC said on Tuesday.

“The most recent attack – against Viasat on 24 February – began approximately one hour before Russia launched its major invasion of Ukraine.” said the British cyber guardian. “The NCSC assesses that Russia was almost certainly responsible for the attack.”

According to the NCSC, the primary target is believed to have been the Ukrainian military, but other customers were affected, including personal and commercial internet users.

Wind farms in central Europe and internet users were also affected, it said.

“The NCSC also assesses that the Russian Military Intelligence (GRU) was almost certainly involved in the 13 January defacements of Ukrainian government websites and the deployment of Whispergate destructive malware,” it added.

“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” said UK Foreign Secretary Liz Truss.

“We will continue to call out Russia’s malign behaviour and unprovoked aggression across land, sea and cyberspace, and ensure it faces severe consequences,” said Truss.

Elon Musk had previously said that “almost all Viasat Ukraine user terminals were rendered permanently unusable by a Russian cyberattack on day of invasion.”

Increasing attacks

Ukraine had suffered a number of well documented cyberattacks in the weeks leading up to Russia’s brutal invasion of Ukraine.

But it didn’t appear to be the huge number of cyberattacks that many experts had been expecting.

However Microsoft released data last month that revealed the sheer number of cyberattacks against the nation, was much greater than previously disclosed.

The software giant said that it had observed at least six different Kremlin-backed hacking groups conducting nearly 240 cyberattacks against Ukrainian targets.

Microsoft has been working “with Ukrainian cybersecurity officials and private sector enterprises to defend against the cyberattacks.”

Microsoft said that it has observed attempts to destroy, disrupt, or infiltrate networks of government agencies, and a wide range of critical infrastructure organisations, which Russian military forces have in some cases targeted with ground attacks and missile strikes.

Improved defences

Ukraine has suffered cyberattacks from Russia for years now, which has actually helped the country improve its cyber defences.

The infamous malware Industroyer for example was used in 2016 by the Sandworm APT group to cut power in Ukraine.

Russia’s military intelligence agency, GRU, previously successfully executed similar attacks in 2014 and 2015.

In both of those incidents, some residents of Kyiv temporarily lost power.

The fact that Ukraine’s power and communications networks have by and large withstood cyberattacks and military action is a testament to how well Ukraine this time around has prepared its cyberdefences and hardened its communications and electrical networks.