Since the beginning of Russia's invasion of Ukraine, the EU, UK, US, and other allies have recognized that Russia has been behind a wave of cyber-attacks. The most recent distributed denial-of-service (DDoS) attack on Viasat's commercial communications network in Ukraine, which occurred on the same day that Russia launched its full-fledged invasion, had a greater impact across Europe, disrupting wind farms and internet users.
The outage on Viasat affected almost one-third of bigblu's 40,000 users throughout Europe, including Germany, France, Hungary, Greece, Italy, and Poland, according to Eutelsat, the parent company of bigblu satellite internet service. The incident impacted wind farms and internet users in central Europe, creating outages for thousands of Ukrainian customers.
In the regard, the key statements by the West are as follows:
- The European Union said that Russia was behind the strike, which occurred "one hour before" the invasion of Ukraine.
- Estonia: The member of the European Union went even further. With "high certainty," the country blamed the hack on Russia's military intelligence arm, saying it had "gone counter to international law."
- The United Kingdom's National Cyber Security Centre is "almost convinced" that Russia was behind the Viasat attack, according to the UK, citing "new UK and US intelligence." Meanwhile, the report said that "Russian Military Intelligence was probably certainly involved" in defacing Russian websites and releasing damaging spyware.
The main aim, according to the joint intelligence advisory, was the Ukrainian military. "Thousands of terminals have been destroyed, rendered useless, and are unable to be restored," according to Viasat. Russian military intelligence was likely certainly engaged in the January 13 attacks on Ukrainian official websites and the distribution of Whispergate harmful malware, according to the UK's National Cyber Security Centre (NCSC).
"This is clear and alarming proof of an intentional and malicious attack by Russia against Ukraine, which had huge ramifications for ordinary people and businesses in Ukraine and across Europe," Foreign Secretary Liz Truss said.
In the past Russian criminals hijacked the updater system of Ukrainian accounting software provider MEDoc in June 2017, infecting MEDoc users with the wiper virus NotPetya. The evidence suggests that Wiper malware infected several Ukrainian government networks again in 2022, and Gamaredon attacks targeted roughly 5,000 entities, including key infrastructure and government departments.
NCSC director of operations Paul Chichester addressed why the attribution was being done now, two and a half months after the occurrence, at a press conference at CYBERUK 2022. "We execute attributions in a process-driven manner; accuracy is extremely essential to us," he explained. Collaboration with international bodies such as the EU and the Five Eyes adds to the length of time it took to provide this material.
Such cyber action aims to demoralize the public and degrade essential infrastructure. The perceived difficulties of precisely attributing the attack to any single aggressor is a benefit of conducting the earliest stages of kinetic activity in cyberspace. Putin has been emphatic in his denial of any Russian government participation in the attacks.