The UK, US, and EU have confirmed today that they have assigned attribution for cyber attacks on Ukrainian infrastructure in the early stages of the Ukraine war to Russia after a lengthy attribution process.
Senior leaders at the National Cyber Security Centre (NCSC) said the attribution process involves meeting a 95-100% confidence threshold and this is why the official attribution was delayed.
Five Eyes and EU intelligence suggests with confidence that the attacks on Ukrainian government websites on 13 January, which involved the deployment of the Whispergate destructive ‘wiper’ malware, and a 24 February attack on global communications company Viasat, can be attributed to the Russian military intelligence service (GRU).
The latter attack is seen as the most significant example of the spillover effects of cyber warfare that many experts in the cyber security industry feared would take place in the early stages of the conflict.
The attack on Viasat took place one hour before the official invasion of Ukraine and was originally attributed to Russia by cyber security company SentinelLabs in March after Russian cyber attacks rendered many of the company’s modems inoperable.
The aftershock of the attack was felt across Europe with wind farms experiencing disruptions as well as individual internet users experiencing outages.
Official attribution took longer given the higher threshold of confidence Five Eyes and EU governments must meet in order to go public with their assessments, but today officials said the degree of confidence is classified as ‘almost certain’ - the highest level of confidence.
“For us to be saying ‘almost certain’ that, for us, is a very high bar,” said Paul Chichester, director of operations at the NCSC. “This implies a much deeper understanding of the actor, how they did it, their motivation, and intent.”
RELATED RESOURCE
The Total Economic Impact™ of IBM Security MaaS360 with Watson
Cost savings and business benefits enabled by MaaS360
GCHQ director Sir Jeremy Fleming said in his speech opening today’s CYBERUK conference that attribution is important so threat actors cannot act without impunity - a sentiment echoed by NCSC CEO Lindy Cameron at a press conference held later at the event.
“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” said Liz Truss, foreign secretary.
“We will continue to call out Russia’s malign behaviour and unprovoked aggression across land, sea, and cyberspace, and ensure it faces severe consequences.”
The announcement coincides with the first day of the NCSC’s annual CYBERUK event which has seen the ongoing conflict in Ukraine form a key theme of discussions.
“The UK has already sanctioned the GRU after their appalling actions in Salisbury, and has frozen more than £940 billion worth of bank assets and £117 billion in personal net worth from oligarchs and their family members who fund Putin’s war machine,” said the Foreign, Commonwealth and Development Office.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
ASUS, Cisco, Netgear devices exploited in ongoing Chinese hacking campaignNews Critical national infrastructure is the target of sustained attempts from state-sponsored hackers, according to Five Eyes advisories
-
Off-the-shelf ransomware is spurring a new era in the Ukraine warNews Experts agreed Russian forces could be overwhelmed, forced to use less sophisticated tools to meet the regime's demands
-
NCSC: “New class” of Russian cyber attackers seek to destroy critical infrastructureNews The cyber threat has been raised due to the heightened risk of ideologically driven cyber attacks from Russia-aligned adversaries
-
NCSC warns UK under state-sponsored spear-phishing attacks from Russia and IranNews The acceleration in spear-phishing campaigns last year coincided with the escalating conflict in Ukraine, according to the NCSC
-
NCSC founder details 'biggest regret' in underestimating organised cyber crimeNews In a rare public address, Martin also detailed his proudest achievement and how the idea for the NCSC came to be
-
Second Singtel subsidiary breach in a month sees customer and client data leakedNews The incident at Singtel subsidiary Dialog follows the earlier breach at Singtel-owned Optus, Australia's second-largest telco
-
UK, US condemn Iran for ‘unprecedented’ cyber attack against AlbaniaNews The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information
-
Cyber attack on software supplier causes "major outage" across the NHSNews Unconfirmed reports suggest the attack may be ransomware-related, while the NHS contends with disrupted services on the 111 non-emergency line
