Russia was responsible for a Europe-wide cyber-attack that took place just one hour before the start of the Kremlin’s invasion of Ukraine, according to Western intelligence.
New information released by the EU, UK, US and other allies suggests that Russian threat actors were responsible for the distributed denial-of-service (DDoS) attack on commercial communications firm Viasat in Ukraine on February 24, the same day Russia launched its full-scale invasion. In addition to causing outages for several thousand Ukrainian customers, the incident disrupted wind farms and internet users in central Europe.
The joint intelligence advisory added that it believes the primary target was the Ukrainian military. Viasat previously confirmed that “tens of thousands of terminals have been damaged, made inoperable and cannot be repaired.”
Commenting on the new intelligence, UK Foreign Secretary Liz Truss said: “This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe.
“We will continue to call out Russia’s malign behavior and unprovoked aggression across land, sea and cyberspace and ensure it faces severe consequences.”
During a press conference today at CYBERUK 2022, NCSC director of operations Paul Chichester explained why the attribution was taking place now, two and half months since the incident. “The way we conduct attributions is in a process-driven way; it’s really important to us that we get it right,” he outlined.
The intelligence also involved collaboration with international agencies, such as the EU and five eyes, which added to the time taken to release this information.
Russia is believed to be behind several cyber-incidents impacting the Ukrainian government and services before and since the invasion. This includes the defacement of Ukrainian government websites in January, the data wiper malware attacks on the eve of the invasion in February and an attack on Ukraine’s national telecommunications provider at the end of March.