Viasat, Rosneft hit by cyberattacks as Ukraine war spills online
One shows signs of a state-sponsored intrusion, the other potentially not
Signs of Russian cyberattacks on Western-owned digital systems have begun to emerge – even as the German arm of Russian oil company Rosneft said it was breached over the weekend.
Germany's BSI – the Federal Office for Information Security, not to be confused with the British Standards Institute – told newspaper Welt am Sonntag that it had offered support to Rosneft after the attack.
"So far, there had been no effect on Rosneft's business or the supply situation," reported Reuters in an English roundup of German-language reporting on the attacks.
Local reports (sample here) claimed the Anonymous hacker collective had stolen 20TB of data. So far no evidence has emerged to substantiate this, such as posts on hacker forums.
Meanwhile, as Russian ground forces closed in on key Ukrainian cities including capital Kyiv, and airstrikes hit military bases near the western city of Lviv, the expected cyber-onslaught by Russia has largely failed to become reality.
- Sniff those Ukrainian emails a little more carefully, advises Uncle Sam in wake of Belarusian digital vandalism
- Chip world's major suppliers of neon gas shut down by Ukraine invasion – report
- Brit techie shows us life in Ukraine amid Russian invasion
- Conflict in Ukraine disrupts fragile supply chain recovery
Until last week, when it emerged that Western spy agencies were investigating a large-scale satellite broadband outage affecting satellite communications provider Viasat, which began on 24 February – the day Russia invaded Ukraine.
"We know that all impacted customers' modems will be rendered unusable and therefore we need to replace hardware," said a Viasat email to end users sent on 11 March and seen by The Register. This suggests modems have been rendered irrecoverable by the attack – potentially through wiper malware similar to that deployed by Belarusian sources against conventional IT networks when the invasion started.
The satellite affected was said to be Viasat's KA-SAT bird, which provides connectivity to the UK, continental Europe, western Russia, and Turkey. As well as its commercial interests on both sides of the Atlantic (including its ill-fated legal action against InMarSat a few years before buying its rival), Viasat is a US and UK military contractor.
We have contacted Viasat's representatives and await the company's comment. In October last year the company was awarded a US government "vulnerability assessment testing and response support" contract.
Both Britain's National Cyber Security Centre and the US CISA infosec agency both advise Western organisations to be on high alert (the CISA phrase is "shields up"), and have been doing so since the start of this year. Those warnings have been repeated by industry at intervals. ®