
Russia hacked an American satellite company one hour before the Ukraine invasion

The attack on Viasat showcases cyber’s emerging role in modern warfare.

child outside a destroyed residential building in Kiev
Scenes of destruction on February 25 in Kyiv. Russian hackers launched their own attack just the day before. Pierre Crom/Getty Images

Just an hour before Russian troops invaded Ukraine, Russian government hackers targeted the American satellite company Viasat, officials from the US, EU, and UK said today.

The operation resulted in an immediate and significant loss of communication in the earliest days of the war for the Ukrainian military, which relied on Viasat’s services for command and control of the country’s armed forces. 

The Viasat cyberattack is the biggest known hack of the war, says Juan Andres Guerrero-Saade, a threat researcher at the cybersecurity firm SentinelOne, “because it’s the most concerted effort to disable Ukrainian military capabilities.” It is also one of the first real-world examples of how cyberattacks can be targeted and timed to amplify military forces on the ground by disrupting and even destroying the technology used by enemy forces.

The attack, on February 24, launched destructive “wiper” malware called AcidRain against Viasat modems and routers, quickly erasing all the data on the system. The machines then rebooted and were permanently disabled. Thousands of terminals were effectively destroyed in this way. 

Guerrero-Saade, who has been at the forefront of research into AcidRain, says that where previous malware used by the Russians was narrowly targeted, AcidRain is more of an all-purpose weapon.

“What’s massively concerning about AcidRain is that they’ve taken all the safety checks off,” he says. “With previous wipers, the Russians were careful to only execute on specific devices. Now those safety checks are gone, and they are brute-forcing. They have a capability they can reuse. The question is, what supply-chain attack will we see next?”

The attack has turned out to be typical of the “hybrid” war strategy employed by Moscow, say experts. It was launched in concert with the invasion on the ground. That exact kind of coordination between Russian cyber operations and military forces has been seen at least six times, according to research from Microsoft, underlining the emerging role of cyber in modern warfare. 

“Russia’s coordinated and destructive cyberattack before the invasion of Ukraine shows that cyberattacks are used actively and strategically in modern-day warfare, even if the threat and consequences of a cyberattack are not always visible for the public,” the Danish defense minister, Morten Bødskov, said in a statement. “The cyber threat is constant and evolving. Cyberattacks can do great damage to our critical infrastructure, with fatal consequences.”

In this instance, the damage spilled over from Ukraine to affect thousands of internet users and internet-connected wind farms in central Europe. And the implications are even bigger than that: Viasat works with the US military and its partners around the world.

“Obviously, the Russians messed it up,” says Guerrero-Saade. “I don’t think they meant to have so much splash damage and get the European Union involved. They gave the EU pretext to react by having 5,800 German wind turbines and others around the EU impacted.” 

Just a few hours before AcidRain began its destructive work against Viasat, Russian hackers used another wiper, called HermeticWiper, against Ukrainian government computers. The playbook was eerily similar, except instead of satellite communications, the targets were Windows machines on networks that, in those early hours of the invasion, would be important for the government in Kyiv to mount an effective resistance. 

How effective these attacks have been remains an open question. A senior Ukrainian official said the Viasat hack resulted in a “huge loss in communications in the very beginning of war” but offered no detail.

Cyber is supporting military operations, but it’ll be a long time before we get a full view of all of the operations in play during this war. It’s clear from the way AcidRain was built, though, that we will likely see it in action again.
