Officials in the United States and Ukraine had long believed that Russia was responsible for the cyberattack against Viasat, but had not formally “attributed” the incident to Russia. While U.S. officials reached their conclusions long ago, they wanted European nations to take the lead, since the attack had significant reverberations in Europe but not in the United States.
The statements released Tuesday stopped short of naming a particular Russian-sponsored hacking group for orchestrating the attack, an unusual omission as the United States has routinely revealed information about the specific intelligence services responsible for attacks, in part to demonstrate its visibility into the Russian government.
“We have and will continue to work closely with relevant law enforcement and governmental authorities as part of the ongoing investigation,” said Dan Bleier, a spokesman for Viasat. Mandiant, the cybersecurity firm hired by Viasat to investigate the matter, declined to comment on its findings.
But researchers at the cybersecurity firm SentinelOne believed that the Viasat hack was likely the work of the G.R.U., Russia’s military intelligence unit. The malware used in the attack, known as AcidRain, shared significant similarities with other malware previously used by the G.R.U., SentinelOne researchers said.
Unlike its predecessor malware, which is known as VPNFilter and was built to destroy specific computer systems, AcidRain was created as a multipurpose tool that could easily be used against a wide variety of targets, researchers said. In 2018, the Justice Department and the Federal Bureau of Investigation said that Russia’s G.R.U. was responsible for creating the VPNFilter malware.
The AcidRain malware is “a very generic solution, in the scariest sense of the word,” said Juan Andres Guerrero-Saade, a principal threat researcher at SentinelOne. “They can take this tomorrow and, if they want to do a supply chain attack against routers or modems in the U.S., AcidRain would work.”
U.S. officials have warned that Russia could carry out a cyberattack against U.S. critical infrastructure and have urged companies to strengthen their online defenses. The U.S. has also aided Ukraine in detecting and responding to Russian cyberattacks, the State Department said.