Russia hacked an American satellite company one hour before the Ukraine invasion
The attack on Viasat showcases cyber’s emerging role in modern warfare.
May 10, 2022
Just an hour before Russian troops invaded Ukraine, Russian government hackers targeted the American satellite company Viasat, officials from the US, EU, and UK said today.
The operation resulted in an immediate and significant loss of communication in the earliest days of the war for the Ukrainian military, which relied on Viasat’s services for command and control of the country’s armed forces.
The Viasat cyberattack is the biggest known hack of the war, says Juan Andres Guerrero-Saade, a threat researcher at the cybersecurity firm SentinelOne “because it’s the most concerted effort to disable Ukrainian military capabilities.” It is also one of the first real-world examples of how cyberattacks can be targeted and timed to amplify military forces on the ground by disrupting and even destroying the technology used by enemy forces.
The attack, on February 24, launched destructive “wiper” malware called AcidRain against Viasat modems and routers, quickly erasing all the data on the system. The machines then rebooted and were permanently disabled. Thousands of terminals were effectively destroyed in this way.
How a Russian cyberwar in Ukraine could ripple out globally
Soldiers and tanks may care about national borders. Cyber doesn’t.
- Guerrero-Saade, who has been at the forefront of research into AcidRain, says that where previous malware used by the Russians was narrowly targeted, AcidRaid is more of an all-purpose weapon.
“What’s massively concerning about AcidRaid is that they’ve taken all the safety checks off,” he says. “With previous wipers, the Russians were careful to only execute on specific devices. Now those safety checks are gone, and they are brute-forcing. They have a capability they can reuse. The question is, what supply-chain attack will we see next?”
The attack has turned out to be typical of the “hybrid” war strategy employed by Moscow, say experts. It was launched in concert with the invasion on the ground. That exact kind of coordination between Russian cyber operations and military forces has been seen at least six times, according to research from Microsoft, underlining the emerging role of cyber in modern warfare.