Officials in the United States and Ukraine had long believed that Russia was responsible for the cyber attack on Viasat, but had not formally “attributed” the incident to Russia. While US officials long ago came to their conclusions, they wanted European countries to lead the way, as the attack had significant resonance in Europe, but not the United States.
The statements released Tuesday stopped at naming a particular Russian-sponsored hacking group for orchestrating the attack, an unusual omission as the United States has routinely released information about the specific intelligence agencies responsible for attacks, in part to increase their visibility. in the Russian government.
“We have and will continue to work closely with relevant law enforcement and government agencies as part of the ongoing investigation,” said Dan Bleier, a Viasat spokesperson. Mandiant, the cybersecurity firm hired by Viasat to investigate the matter, declined to comment on the findings.
But researchers at the cybersecurity firm SentinelOne believed the Viasat hack was likely the work of the GRU, Russia’s military intelligence unit. The malware used in the attack, known as AcidRain, showed significant similarities to other malware previously used by the GRU, SentinelOne researchers said.
Unlike its predecessor malware, known as VPNFilter and built to destroy specific computer systems, AcidRain was created as a multipurpose tool that can be easily used against a wide variety of targets, researchers said. In 2018, the Justice Department and the Federal Bureau of Investigation said that Russia’s GRU was responsible for creating the VPNFilter malware.
The AcidRain malware is “a very generic solution, in the narrowest sense of the word,” said Juan Andres Guerrero-Saade, one of SentinelOne’s principal threat researchers. “They can take this tomorrow and if they want to do a supply chain attack on routers or modems in the US, AcidRain would work.”
US officials have warned that Russia could carry out a cyber attack on critical US infrastructure and have urged companies to strengthen their online defenses. The US has also helped Ukraine detect and respond to Russian cyber-attacks, the State Department said.