UK, EU, US formally blame Russia for Viasat satellite hack before Ukraine invasion

The British statement cites joint U.K./U.S. intelligence, representing the most formal U.S. attribution to date.
The burnt wreckage of Russian military equipment lies on the road on April 01, 2022 in Makariv, Ukraine. (Photo by Serhii Mykhalchuk/Global Images Ukraine via Getty Images)

The European Union, the United Kingdom and the U.S. government formally blamed the Russian government for the Feb. 24 hack of satellite modems in Europe in the hours before the invasion of Ukraine.

The formal attribution came in coordinated statements Tuesday from the U.K.’s National Cyber Security Centre and the Council of the European Union. The British statement — which cites “new UK and US intelligence” — noted that the Viasat hack was just one of several cyberattacks the Russian government launched prior to the invasion of Ukraine, including the Jan. 13 defacement of Ukrainian websites and the deployment of destructive malware that researchers later dubbed WhisperGate.

Later Tuesday morning, U.S. Secretary of State Antony Blinken said in a statement that the U.S. was also “sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries.”

The governments of Canada and Australia also issued statements Tuesday blaming the Russian government for the Viasat hack. The government of New Zealand issued a statement Tuesday announcing sanctions “targeting disinformation and those responsible for cyber attacks on Ukraine,” without specifically mentioning Viasat.


Anonymous U.S. officials told the Washington Post on March 24 that Russian military hackers were behind the attack, but until Tuesday the U.S. government had not participated in any formal attribution.

Ukrainian government officials have long blamed the Russian government for the Viasat hack, which targeted modems and the satellite network operated by Viasat, a California-based communications firm.


The British government seemed to point the finger at the GRU, the Russian military intelligence group with a history of high-profile hacking activities against targets around the world, including the U.S. The British statement noted the government there had “already sanctioned the GRU after their appalling actions in Salisbury” — referring to the 2018 poisoning of targets within England — and said it had frozen more than £940 billion worth of bank assets and £117 billion in personal net worth “from oligarchs and their family members who fund Putin’s war machine.”

U.K. Foreign Secretary Liz Truss said in Tuesday’s statement that the joint U.K./U.S. intelligence “is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe.”


“We will continue to call out Russia’s malign behaviour and unprovoked aggression across land, sea and cyberspace, and ensure it faces severe consequences,” she said.

The EU statement said the council and its “international partners strongly condemn the malicious cyber activity conducted by the Russian Federation against Ukraine.” The attack had “significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses and users in Ukraine, as well as affecting several EU Member States,” the group said in its statement.

The EU statement said the hack was “yet another example of Russia’s continued pattern of irresponsible behaviour in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine.”

The Viasat hack was “perhaps the most impactful [cyber] attack of the Russian invasion so far,” SentinelOne threat researcher Juan Andrés Guerrero-Saade told CyberScoop on March 31 after releasing an analysis of the malware involved. Tens of thousands of the company’s modems had to be replaced after the attack, the company said in a March 30 statement.

The Russian embassy did not immediately answer a request for comment.


Russia declared war against Ukraine on Feb. 24, 2022. Before, during and after the start of the military campaign, the CyberScoop staff has been tracking the cyber dimensions of the conflict.

This story was featured in CyberScoop Special Report: War in Ukraine
