US and Ukrainian officials had long believed that Russia was responsible for the Viasat cyberattack, but had not formally “attributed” the incident to Russia. While US officials reached their conclusions long ago, they wanted European nations to take the lead, since the attack had significant repercussions in Europe but not in the United States.
Statements released Tuesday stopped short of naming a particular Russian-sponsored hacking group as having orchestrated the attack, an unusual omission, as the United States has routinely disclosed information about the specific intelligence services responsible for attacks, in part to prove its visibility into the Russian government.
“We have and will continue to work closely with relevant government and law enforcement authorities as part of the ongoing investigation,” said Dan Bleier, a spokesman for Viasat. Mandiant, the cybersecurity firm Viasat hired to investigate the matter, declined to comment on its findings.
But researchers at the cybersecurity firm SentinelOne believed the Viasat hack was likely the work of the GRU, Russia’s military intelligence unit. The malware used in the attack, known as AcidRain, shared significant similarities with other malware previously used by the GRU, SentinelOne researchers said.
Unlike its predecessor malware, which is known as VPNFilter and was created to destroy targeted computer systems, AcidRain was created as a multipurpose tool that could be easily used against a wide variety of targets, the researchers said. In 2018, the Department of Justice and the Federal Bureau of Investigation said that Russia’s GRU was responsible for creating the VPNFilter malware.
AcidRain malware is “a very generic solution, in the scariest sense of the word,” said Juan Andrés Guerrero-Saade, principal threat researcher at SentinelOne. “They can take this tomorrow and if they want to do a supply chain attack against routers or modems in the US, AcidRain would work.”
US officials have warned that Russia could carry out a cyberattack against critical US infrastructure and urged companies to strengthen their defenses online. The United States has also helped Ukraine detect and respond to Russian cyberattacks, the State Department said.