Russian Hacker

Five Eyes and US governments finally confirm Russia was behind Ukrainian government, Viasat cyber attacks

NCSC detailed the government-level attribution process at CYBERUK 2022 and why it took so much longer to assign blame compared to the private sector
Image: Shutterstock

11 May 2022

The UK, US, and EU have confirmed that they have assigned attribution for cyber attacks on Ukrainian infrastructure in the early stages of the Ukraine war to Russia after a lengthy attribution process.

Senior leaders at the National Cyber Security Centre (NCSC) said the attribution process involves meeting a 95-100% confidence threshold and this is why the official attribution was delayed.

Five Eyes and EU intelligence suggests with confidence that the attacks on Ukrainian government websites on 13 January, which involved the deployment of the Whispergate destructive ‘wiper’ malware, and a 24 February attack on global communications company Viasat, can be attributed to the Russian military intelligence service (GRU).




The latter attack is seen as the most significant example of the spillover effects of cyber warfare that many experts in the cyber security industry feared would take place in the early stages of the conflict.

The attack on Viasat took place one hour before the official invasion of Ukraine and was originally attributed to Russia by cyber security company SentinelLabs in March after Russian cyber attacks rendered many of the company’s modems inoperable.

The aftershock of the attack was felt across Europe with wind farms experiencing disruptions as well as individual Internet users experiencing outages.

Official attribution took longer given the higher threshold of confidence Five Eyes and EU governments must meet in order to go public with their assessments, but officials have said the degree of confidence is classified as ‘almost certain’ – the highest level of confidence.

“For us to be saying ‘almost certain’ that, for us, is a very high bar,” said Paul Chichester, director of operations at the NCSC. “This implies a much deeper understanding of the actor, how they did it, their motivation, and intent.”

GCHQ director Sir Jeremy Fleming said in his speech opening today’s CYBERUK conference that attribution is important so threat actors cannot act without impunity – a sentiment echoed by NCSC CEO Lindy Cameron at a press conference held later at the event.

“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” said Liz Truss, foreign secretary.

“We will continue to call out Russia’s malign behaviour and unprovoked aggression across land, sea, and cyberspace, and ensure it faces severe consequences.”

© Dennis Publishing

Read More:

Comments are closed.

Back to Top ↑