Skip to Content
Computing

Russia hacked an American satellite company one hour before the Ukraine invasion

The attack on Viasat showcases cyber’s emerging role in modern warfare.

child outside a destroyed residential building in Kiev
child outside a destroyed residential building in Kiev
Scenes of destruction on February 25 in Kyiv. Russian hackers launched their own attack just the day before.Pierre Crom/Getty Images

Just an hour before Russian troops invaded Ukraine, Russian government hackers targeted the American satellite company Viasat, officials from the US, EU, and UK said today.

The operation resulted in an immediate and significant loss of communication in the earliest days of the war for the Ukrainian military, which relied on Viasat’s services for command and control of the country’s armed forces. 

The Viasat cyberattack is the biggest known hack of the war, says Juan Andres Guerrero-Saade, a threat researcher at the cybersecurity firm SentinelOne "because it’s the most concerted effort to disable Ukrainian military capabilities.” It is also one of the first real-world examples of how cyberattacks can be targeted and timed to amplify military forces on the ground by disrupting and even destroying the technology used by enemy forces.

The attack, on February 24, launched destructive “wiper” malware called AcidRain against Viasat modems and routers, quickly erasing all the data on the system. The machines then rebooted and were permanently disabled. Thousands of terminals were effectively destroyed in this way. 

Guerrero-Saade, who has been at the forefront of research into AcidRain, says that where previous malware used by the Russians was narrowly targeted, AcidRaid is more of an all-purpose weapon.

“What’s massively concerning about AcidRaid is that they’ve taken all the safety checks off,” he says. “With previous wipers, the Russians were careful to only execute on specific devices. Now those safety checks are gone, and they are brute-forcing. They have a capability they can reuse. The question is, what supply-chain attack will we see next?”

The attack has turned out to be typical of the “hybrid” war strategy employed by Moscow, say experts. It was launched in concert with the invasion on the ground. That exact kind of coordination between Russian cyber operations and military forces has been seen at least six times, according to research from Microsoft, underlining the emerging role of cyber in modern warfare. 

“Russia’s coordinated and destructive cyberattack before the invasion of Ukraine shows that cyberattacks are used actively and strategically in modern-day warfare, even if the threat and consequences of a cyberattack are not always visible for the public,” the Danish defense minister, Morten Bødskov, said in a statement. “The cyber threat is constant and evolving. Cyberattacks can do great damage to our critical infrastructure, with fatal consequences.”

In this instance, the damage spilled over from Ukraine to affect thousands of internet users and internet-connected wind farms in central Europe. And the implications are even bigger than that: Viasat works with the US military and its partners around the world.

“Obviously, the Russians messed it up,” says Guerrero-Saade. “I don’t think they meant to have so much splash damage and get the European Union involved. They gave the EU pretext to react by having 5,800 German wind turbines and others around the EU impacted.” 

Just a few hours before AcidRain began its destructive work against Viasat, Russian hackers used another wiper, called HermeticWiper, against Ukrainian government computers. The playbook was eerily similar, except instead of satellite communications, the targets were Windows machines on networks that, in those early hours of the invasion, would be important for the government in Kyiv to mount an effective resistance. 

How effective these attacks have been remains an open question. A senior Ukraine official said the Viasat hack resulted in a “huge loss in communications in the very beginning of war” but offered no detail. 

Cyber is supporting military operations, but it’ll be a long time before we get a full view of all of the operations in play during this war. It’s clear from the way AcidRain was built, though, that we will likely see it in action again.

Deep Dive

Computing

Linux hack concept
Linux hack concept

The US military wants to understand the most important software on Earth

Open-source code runs on every computer on the planet—and keeps America’s critical infrastructure going. DARPA is worried about how well it can be trusted

Close up of worker inspecting chip in a clean room
Close up of worker inspecting chip in a clean room

Corruption is sending shock waves through China’s chipmaking industry

The arrests of several top semiconductor fund executives could force the government to rethink how it invests in the sector.

inflection point post-NSO concept
inflection point post-NSO concept

The hacking industry faces the end of an era

But even if NSO Group is no more, there are plenty of rivals who will rush in to take its place. And the same old problems haven’t gone away.

The Western Union Building, 60 Hudson Street, c. 1931.
The Western Union Building, 60 Hudson Street, c. 1931.

Energy-hungry data centers are quietly moving into cities

Companies are pushing more server farms into the hearts of population centers.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.