IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Five Eyes and US governments finally confirm Russia was behind Ukrainian government, Viasat cyber attacks

NCSC detailed the government-level attribution process at CYBERUK 2022 and why it took so much longer to assign blame compared to the private sector

The UK, US, and EU have confirmed today that they have assigned attribution for cyber attacks on Ukrainian infrastructure in the early stages of the Ukraine war to Russia after a lengthy attribution process.

Senior leaders at the National Cyber Security Centre (NCSC) said the attribution process involves meeting a 95-100% confidence threshold and this is why the official attribution was delayed.

Five Eyes and EU intelligence suggests with confidence that the attacks on Ukrainian government websites on 13 January, which involved the deployment of the Whispergate destructive ‘wiper’ malware, and a 24 February attack on global communications company Viasat, can be attributed to the Russian military intelligence service (GRU).

The latter attack is seen as the most significant example of the spillover effects of cyber warfare that many experts in the cyber security industry feared would take place in the early stages of the conflict.

The attack on Viasat took place one hour before the official invasion of Ukraine and was originally attributed to Russia by cyber security company SentinelLabs in March after Russian cyber attacks rendered many of the company’s modems inoperable.

The aftershock of the attack was felt across Europe with wind farms experiencing disruptions as well as individual internet users experiencing outages.

Official attribution took longer given the higher threshold of confidence Five Eyes and EU governments must meet in order to go public with their assessments, but today officials said the degree of confidence is classified as ‘almost certain’ - the highest level of confidence.

“For us to be saying ‘almost certain’ that, for us, is a very high bar,” said Paul Chichester, director of operations at the NCSC. “This implies a much deeper understanding of the actor, how they did it, their motivation, and intent.”

Related Resource

The Total Economic Impact™ of IBM Security MaaS360 with Watson

Cost savings and business benefits enabled by MaaS360

Whitepaper cover with title and green square graphic to rightFree Download

GCHQ director Sir Jeremy Fleming said in his speech opening today’s CYBERUK conference that attribution is important so threat actors cannot act without impunity - a sentiment echoed by NCSC CEO Lindy Cameron at a press conference held later at the event.

“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” said Liz Truss, foreign secretary.

“We will continue to call out Russia’s malign behaviour and unprovoked aggression across land, sea, and cyberspace, and ensure it faces severe consequences.”

The announcement coincides with the first day of the NCSC’s annual CYBERUK event which has seen the ongoing conflict in Ukraine form a key theme of discussions. 

“The UK has already sanctioned the GRU after their appalling actions in Salisbury, and has frozen more than £940 billion worth of bank assets and £117 billion in personal net worth from oligarchs and their family members who fund Putin’s war machine,” said the Foreign, Commonwealth and Development Office.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download


What is cyber warfare?

What is cyber warfare?

20 May 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022