On Tuesday, the United States and the European Union said Russia was responsible for a cyber attack in February that crippled a satellite network in Ukraine and neighboring countries, disrupting communications and a wind farm used to generate electricity.
The February 24 attack unleashed wiper malware that destroyed thousands of satellite modems used by customers of communications company Viasat. A month later, security firm SentinelOne said its analysis of the wiper malware used in the attack showed that it shared many technical similarities with VPNFilter, a piece of malware found on more than 500,000 home and small office modems in 2018. Numerous US government agencies attribute VPNFilter to Russian state threat actors.
Tens of thousands of modems taken out by AcidRain
“Today, in support of the European Union and other partners, the United States publicly shares its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and these actions had side effects in other European countries,” wrote US Secretary of State Antony Blinken in a statement. “The activity deactivated very small aperture terminals in Ukraine and throughout Europe. This includes tens of thousands of terminals outside Ukraine, which, among other things, maintain wind turbines and provide Internet services to private citizens.”
AcidRain, the name of the wiper analyzed by SentinelOne, is a previously unknown piece of malware. Consisting of an executable file for the MIPS hardware in Viasat modems, AcidRain is the seventh separate piece of wiper malware associated with Russia’s ongoing invasion of Ukraine. Wipers destroy hard drive data in a way that cannot be reversed. In most cases, they make devices or entire networks completely unusable.
SentinelOne researchers said they found “non-trivial” but ultimately “unconvincing” similarities in development between AcidRain and “dstr”, the name of a wiper module in VPNFilter. The similarities include 55 percent code similarity as measured by a tool known as TLSH, identical partition header strings, and “storing the previous system call number in a global location before a new system call.”
Viasat officials said at the time that SentinelOne’s analysis and findings were in line with the results of their own investigation.
One of the first signs of the hack came when more than 5,800 wind turbines belonging to the German energy company Enercon were knocked offline. The interruption did not prevent the turbines from rotating, but it prevented engineers from resetting them remotely. Since then, Enercon has been able to bring most of the affected turbines back online and replace the satellite modems.
“The cyberattack took place an hour before Russia’s unprovoked and unjustified invasion of Ukraine on February 24, 2022, thus facilitating military aggression,” EU officials wrote in an official statement. “This cyber attack had a significant impact, causing indiscriminate communication disruptions and disruptions in several public authorities, businesses and consumers in Ukraine, and affected several EU Member States.”
In a separate statement, British Foreign Secretary Liz Truss said: “This is clear and shocking evidence of a deliberate and malicious attack by Russia on Ukraine, which has had significant consequences for ordinary people and businesses in Ukraine and across Europe.”
Repeat cyber offender
The cyber attack was one of many that Russia has carried out against Ukraine over the past eight years. In 2015 and again in 2016, hackers working for the Kremlin caused power outages that left hundreds of thousands of Ukrainians without heating during one of the coldest months.
Beginning around January 2022, in the run-up to its invasion of the neighboring country, Russia launched a number of other cyber attacks against Ukrainian targets, including a series of distributed denial-of-service attacks, website defacements and wiper attacks.
In addition to the two attacks on Ukraine’s electricity infrastructure, evidence shows that Russia is also responsible for NotPetya, another disk wiper that was launched in Ukraine and later spread around the world, causing about $10 billion in damage. In 2018, the United States sanctioned Russia for the NotPetya attack and for interfering in the 2016 election.
Critics have long said that the United States and its allies have not done enough to punish Russia for NotPetya or for the attacks on Ukraine in 2015 and 2016, which remain the only known real-world hacks to have caused power outages.