Officials in the US and Ukraine had long believed that Russia was responsible for the cyberattack against Viasat, but had not formally “attributed” the incident to Russia. While U.S. officials reached their conclusions long ago, they wanted European nations to take the lead, because the attack had significant reverberations in Europe but not in the US.
The statements released Tuesday stopped short of naming a specific Russian-sponsored hacking group as having orchestrated the attack, an unusual omission, as the US has routinely revealed information about the specific intelligence services responsible for attacks, partly to demonstrate its visibility into the Russian government.
“We now have and can proceed to work closely with relevant law enforcement and governmental authorities as a part of the continuing investigation,” said Dan Bleier, a spokesman for Viasat. Mandiant, the cybersecurity firm hired by Viasat to investigate the matter, declined to comment on its findings.
But researchers at the cybersecurity firm SentinelOne believed that the Viasat hack was likely the work of the G.R.U., Russia’s military intelligence unit. The malware used in the attack, known as AcidRain, shared significant similarities with other malware previously used by the G.R.U., SentinelOne researchers said.
Unlike its predecessor malware, which is known as VPNFilter and was built to destroy specific computer systems, AcidRain was created as a multipurpose tool that could easily be used against a wide range of targets, researchers said. In 2018, the Justice Department and the Federal Bureau of Investigation said that Russia’s G.R.U. was responsible for creating the VPNFilter malware.
The AcidRain malware is “a really generic solution, in the scariest sense of the word,” said Juan Andres Guerrero-Saade, a principal threat researcher at SentinelOne. “They will take this tomorrow and, in the event that they need to do a supply chain attack against routers or modems within the U.S., AcidRain would work.”
U.S. officials have warned that Russia could carry out a cyberattack against U.S. critical infrastructure and have urged corporations to strengthen their online defenses. The U.S. has also aided Ukraine in detecting and responding to Russian cyberattacks, the State Department said.