Five Eyes and US governments finally confirm Russia was behind Ukrainian government, Viasat cyber attacks

Lizz Truss headshot, wearing a remembrance day poppy
(Image credit: Getty Images)

The UK, US, and EU have confirmed today that they have assigned attribution for cyber attacks on Ukrainian infrastructure in the early stages of the Ukraine war to Russia after a lengthy attribution process.

Senior leaders at the National Cyber Security Centre (NCSC) said the attribution process involves meeting a 95-100% confidence threshold and this is why the official attribution was delayed.

Five Eyes and EU intelligence suggests with confidence that the attacks on Ukrainian government websites on 13 January, which involved the deployment of the Whispergate destructive ‘wiper’ malware, and a 24 February attack on global communications company Viasat, can be attributed to the Russian military intelligence service (GRU).

The latter attack is seen as the most significant example of the spillover effects of cyber warfare that many experts in the cyber security industry feared would take place in the early stages of the conflict.

The attack on Viasat took place one hour before the official invasion of Ukraine and was originally attributed to Russia by cyber security company SentinelLabs in March after Russian cyber attacks rendered many of the company’s modems inoperable.

The aftershock of the attack was felt across Europe with wind farms experiencing disruptions as well as individual internet users experiencing outages.

Official attribution took longer given the higher threshold of confidence Five Eyes and EU governments must meet in order to go public with their assessments, but today officials said the degree of confidence is classified as ‘almost certain’ - the highest level of confidence.

“For us to be saying ‘almost certain’ that, for us, is a very high bar,” said Paul Chichester, director of operations at the NCSC. “This implies a much deeper understanding of the actor, how they did it, their motivation, and intent.”


The Total Economic Impact™ of IBM Security MaaS360 with Watson

Cost savings and business benefits enabled by MaaS360


GCHQ director Sir Jeremy Fleming said in his speech opening today’s CYBERUK conference that attribution is important so threat actors cannot act without impunity - a sentiment echoed by NCSC CEO Lindy Cameron at a press conference held later at the event.

“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” said Liz Truss, foreign secretary.

“We will continue to call out Russia’s malign behaviour and unprovoked aggression across land, sea, and cyberspace, and ensure it faces severe consequences.”

The announcement coincides with the first day of the NCSC’s annual CYBERUK event which has seen the ongoing conflict in Ukraine form a key theme of discussions.

“The UK has already sanctioned the GRU after their appalling actions in Salisbury, and has frozen more than £940 billion worth of bank assets and £117 billion in personal net worth from oligarchs and their family members who fund Putin’s war machine,” said the Foreign, Commonwealth and Development Office.

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.