Thursday, March 28, 2024
More

    US and its allies say Russia waged cyberattack that took out satellite network

    Must Read

    J’ACCUSE —

    February outage came an hour before Russia began its invasion of Ukraine.

    Dan Goodin
    – May 10, 2022 8:29 pm UTC

    The US and European Union on Tuesday said Russia was responsible for a cyberattack in February that crippled a satellite network in Ukraine and neighboring countries, disrupting communications and a wind farm used to generate electricity.

    The February 24 attack unleashed wiper malware that destroyed thousands of satellite modems used by customers of communications company Viasat. A month later, security firm SentinelOne said an analysis of the wiper malware used in the attack shared multiple technical similarities to VPNFilter, a piece of malware discovered on more than 500,000 home and small office modems in 2018. Multiple US government agencies attributed VPNFilter to Russian state threat actors.

    Tens of thousands of modems taken out by AcidRain
    “Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries,” US Secretary of State Antony Blinken wrote in a statement. “The activity disabled very small aperture terminals in Ukraine and across Europe. This includes tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens.”

    AcidRain, the name of the wiper analyzed by SentinelOne, is a previously unknown piece of malware. Consisting of an executable file for the MIPS hardware in Viasat modems, AcidRain is the seventh distinct piece of wiper malware associated with Russia’s ongoing invasion of Ukraine. Wipers destroy data on hard drives in a way that can’t be reversed. In most cases, they render devices or entire networks completely unusable.

    SentinelOne researchers said they found “non-trivial” but ultimately “inconclusive” developmental similarities between AcidRain and “dstr,” the name of a wiper module in VPNFilter. The resemblances included a 55 percent code similarity as measured by a tool known as TLSH, identical section header strings tables, and the “storing of the previous syscall number to a global location before a new syscall.”

    Viasat officials said at the time that the SentinelOne analysis and findings were consistent with the outcome of their own investigation.

    One of the first signs of the hack occurred when more than 5,800 wind turbines belonging to the German energy company Enercon were knocked offline. The outage didn’t stop the turbines from spinning, but it prevented engineers from remotely resetting them. Enercon has since managed to get most of the affected turbines back online and replace the satellite modems.

    “The cyberattack took place one hour before Russia’s unprovoked and unjustified invasion of Ukraine on 24 February 2022 thus facilitating the military aggression,” EU officials wrote in an official statement. “This cyberattack had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses and users in Ukraine, as well as affecting several EU Member States.”

    In a separate statement, British Foreign Secretary Liz Truss said: “This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe.”

    Repeat cyber offender
    The cyberattack was one of many Russia has carried out against Ukraine over the past eight years. In 2015 and again in 2016, hackers working for the Kremlin caused electricity blackouts that left hundreds of thousands of Ukrainians without heat during one of the coldest months.

    Starting around January 2022, in the lead-up to Russia’s invasion of its neighboring country, Russia unleashed a host of other cyberattacks against Ukrainian targets, including a series of distributed denial-of-service attacks, website defacements, and wiper attacks.

    Besides the two attacks on Ukrainian electricity infrastructure, evidence shows Russia is also responsible for NotPetya, another disk wiper that was released in Ukraine and later spread around the world, where it caused an estimated $10 billion in damage. In 2018, the US sanctioned Russia for the NotPetya attack and interference in the 2016 election.

    Critics have long said that the US and its allies didn’t do enough to punish Russia for NotPetya or the 2015 or 2016 attacks on Ukraine, which remain the only known real-world hacks to knock out electricity.

    Read More

    - Advertisement -spot_img
    - Advertisement -spot_img
    Latest News

    Millions in the UK are being urged to get vaccinations during a surge in measles cases

    U.K. health officials on Monday urged millions of parents to book their children for missed measles, mumps and rubella...
    - Advertisement -spot_img

    More Articles Like This

    - Advertisement -spot_img

    Newsletter Signup

    Sign up now and never miss a thing!

    You're Signed Up!

    Now that you are signed up, we will send you exclusive offers periodically.