The US and European Union on Tuesday said Russia was responsible for a February cyberattack that crippled a satellite network in Ukraine and neighboring countries, disrupting communications and a wind farm used to generate electricity.
The February 24 attack unleashed wiper malware that destroyed thousands of satellite modems used by customers of communications company Viasat. A month later, security firm SentinelOne said an analysis of the wiper malware used in the attack revealed several technical similarities to VPNFilter, malware detected on more than 500,000 home and small office modems in 2018. Several US government agencies attributed VPNFilter to Russian state threat actors.
Tens of thousands of modems knocked out by AcidRain
“Today, in support of the European Union and other partners, the United States publicly shares its assessment that Russia launched cyberattacks on commercial satellite communications networks in late February to disrupt Ukrainian command and control during the invasion, and that these actions had an impact on other European countries,” wrote US Secretary of State Antony Blinken in a statement. “The activity has disabled terminals with very small apertures in Ukraine and across Europe. This includes tens of thousands of terminals outside Ukraine supporting wind turbines and providing internet services to individuals, among other things.”
AcidRain, the name of the wiper analyzed by SentinelOne, is a previously unknown piece of malware. AcidRain consists of an executable for the MIPS hardware in Viasat modems and is the seventh distinct piece of wiper malware associated with Russia’s ongoing invasion of Ukraine. Wipers destroy data on hard drives in a way that cannot be undone. In most cases, they render devices or entire networks completely unusable.
SentinelOne researchers said they found “non-trivial” but ultimately “inconclusive” developmental similarities between AcidRain and “dstr”, the name of a wiper module in VPNFilter. Similarities included a 55 percent code similarity as measured by a tool called TLSH, identical section header string tables, and “storing the previous syscall number in a global location before a new syscall”.
Viasat officials said at the time that the SentinelOne analysis and results were consistent with the findings of their own investigation.
One of the first signs of the hack occurred when more than 5,800 wind turbines belonging to German energy company Enercon were taken offline. The failure didn’t stop the turbines from spinning, but it did prevent engineers from remotely resetting them. Enercon has since succeeded in bringing most of the affected turbines back online and replacing the satellite modems.
“The cyberattack took place an hour before Russia’s unprovoked and unwarranted invasion of Ukraine on February 24, 2022, thereby facilitating military aggression,” EU officials wrote in an official statement. “This cyberattack had a significant impact, causing random communication blackouts and disruptions to multiple authorities, businesses and users in Ukraine and affecting multiple EU member states.”
In a separate statement, British Foreign Secretary Liz Truss said: “This is clear and shocking evidence of a deliberate and malicious attack by Russia on Ukraine, which has had significant consequences for citizens and businesses in Ukraine and across Europe.”
Repeat cyber offenders
The cyberattack was one of many that Russia has carried out against Ukraine over the past eight years. In 2015 and again in 2016, hackers working for the Kremlin caused power outages that left hundreds of thousands of Ukrainians without heat in one of the coldest months.
Beginning around January 2022, in the run-up to Russia’s invasion of its neighboring country, Russia unleashed a variety of other cyberattacks against Ukrainian targets, including a series of distributed denial-of-service attacks, website defacements, and wiper attacks.
Aside from the two attacks on Ukraine’s power infrastructure, Russia is also responsible for NotPetya, another hard drive wiper released in Ukraine and later distributed around the world, causing an estimated $10 billion in damage. In 2018, the US sanctioned Russia for the NotPetya attack and interference in the 2016 election.
Critics have long said that the US and its allies have not done enough to punish Russia for NotPetya or the 2015 or 2016 attacks on Ukraine, which remain the only known real-world hacks to shut down power.