The US and the European Union have officially blamed Russia for a series of destructive data-wiping malware infections in Ukrainian government and private-sector networks – and said they will “take steps” to defend against and respond to Kremlin-orchestrated attacks.
Beginning in January, and continuing after Russian troops illegally invaded Ukraine the following month, as Ukrainian websites were vandalized or pummeled offline in distributed denial-of-service attacks, Russian cyberspies planted malicious data-destroying code in Ukraine’s computers.
“The United States has assessed that Russian military cyber operators have deployed multiple families of destructive wiper malware, including WhisperGate, on Ukrainian Government and private sector networks,” US Secretary of State Antony Blinken said in a statement today.
WhisperGate corrupts an infected Windows system’s master boot record, displays a fake ransom note, and irreversibly scrambles documents based on their file extensions, according to the US government’s Cybersecurity and Infrastructure Security Agency (CISA). Ghostwriter, a crew thought to be connected to Russia’s GRU military intelligence service, started using this strain of malware against organizations in Ukraine on January 15, we’re told.
It’s just one of at least six significant strains of data-wiping malware that Russia has deployed against its neighbor since the beginning of the year.
However, some of these spilled over into European countries. As an example of this, both the US and the EU called out the cyberattack that took Viasat customers’ satellite broadband modems offline an hour before Russia’s ground invasion began. While the primary purpose of this attack was to disrupt Ukrainian communications during the invasion, by wiping the modems’ firmware remotely, it also disabled thousands of small aperture terminals in Ukraine and across Europe, knocking out people’s satellite connectivity and the remote monitoring of 5,800 wind turbines in Germany.
“This unacceptable cyberattack is yet another example of Russia’s continued pattern of irresponsible behavior in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine,” the Council of the EU said in a statement.
Continued cyberattacks against Ukraine, including those attempting to target critical infrastructure, could put European citizens at risk, it added.
“The European Union, working closely with its partners, is considering further steps to prevent, discourage, deter and respond to such malicious behavior in cyberspace,” the council’s statement said. “The European Union will continue to provide coordinated political, financial and material support to Ukraine to strengthen its cyber resilience.”
When asked what further steps may be taken, an EU spokesperson said the government can use “all its diplomatic means” to mitigate threats, and this includes imposing sanctions on people or entities responsible for conducting cyberattacks against or threatening the EU and member states.
In a similarly worded statement, Blinken said America and its allies “are taking steps to defend against Russia’s irresponsible actions.” Several agencies, including the FBI, Department of Energy, CISA, and the US Agency for International Development (USAID) are providing technical and monetary support to help Ukraine identify threats and respond to attacks. Additionally, USAID has provided more than 6,750 emergency communications devices, including satellite phones and data terminals, to essential service providers, government officials, and critical infrastructure operators. ®