US Department of State now condemns Russia’s destructive cyber activities against Ukraine

The U.S. Department of State said on Tuesday that is joining with allies and partners to condemn Russia’s destructive cyber activities against Ukraine. In the months leading up to and after Russia’s illegal further invasion began, Ukraine experienced a series of disruptive cyber operations, including website defacements, distributed denial-of-service (DDoS) attacks, and cyberattacks to delete data from computers belonging to both government and private entities.

“Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries,” Antony J. Blinken, U.S. Secretary of State, said in the statement. “The activity disabled very small aperture terminals in Ukraine and across Europe.  This includes tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens,” he added.

The statement said that the U.S. has assessed that Russian military cyber operators have deployed multiple families of destructive wiper malware, including WhisperGate, on Ukrainian government and private sector networks. “These disruptive cyber operations began in January 2022, prior to Russia’s illegal further invasion of Ukraine and have continued throughout the war,” it added. 

As nations committed to upholding the rules-based international order in cyberspace, the U.S. and its allies and partners are taking steps to defend against Russia’s irresponsible actions, according to Blinken. “The U.S. Government has developed new mechanisms to help Ukraine identify cyber threats and recover from cyber incidents. We have also enhanced our support for Ukraine’s digital connectivity, including by providing satellite phones and data terminals to Ukrainian government officials, essential service providers, and critical infrastructure operators,” he added. 

Furthermore, Blinken praised Ukraine’s efforts—both in and outside of government—to defend against and recover from such cyber activities, even as its country is under physical attack.

Leading up to and during Russia’s unprovoked and illegal further invasion of Ukraine, the U.S. has supported Ukraine’s continued access to the Internet and enhanced Ukraine’s cyber defenses. 

As part of these efforts, coordinated across the U.S. government, the “Federal Bureau of Investigation (FBI) has provided direct support to its Ukrainian national security and law enforcement partners, including briefing Ukrainian partners on Russian intelligence services’ cyber operations; sharing cyber threat information about potential or ongoing malicious cyber activity; helping to disrupt nation-state efforts to spread disinformation and target the Ukrainian government and military; and sharing investigative methods and cyber incident response best practices,” the State Department said in a Fact Sheet released Tuesday. 

“The FBI also has received threat intelligence and leads from its Ukrainian partners for action using the FBI’s unique investigative and intelligence capabilities,” according to the Fact Sheet. “FBI, State, and other U.S. government agencies have also assisted Ukraine with identifying and procuring hardware and software to support network defense,” it added.

Additionally, technical experts funded by the U.S. Agency for International Development (USAID) are providing hands-on support to essential service providers within the Ukrainian government including government ministries and critical infrastructure operators to identify malware and restore systems after an incident has occurred, according to the Fact Sheet. “USAID has provided more than 6,750 emergency communications devices, including satellite phones and data terminals, to essential service providers, government officials, and critical infrastructure operators in key sectors such as energy and telecommunications,” it added.

The U.S. Department of Energy (DOE) and other interagency partners “are working with Ukraine on efforts related to further integrating Ukraine’s electrical grid with the European Network of Transmission System Operators for Electricity (ENTSO-E), including meeting cybersecurity requirements and enhancing the resilience of its energy sector” the Fact Sheet said. “Full ENTSO-E integration is key to protecting Ukraine’s financial, energy, and national security,” it added.

The DOE has had a long-standing relationship with the energy sector in Ukraine, including work with Ukrainian utilities to help enhance their cybersecurity posture. “In the leadup to Russia’s further invasion of Ukraine, DOE, leveraging the expertise of our National Labs, worked with utilities to focus on potential near-term cybersecurity enhancements, while also continuing our work on long-term resilience efforts,” the Fact Sheet added.

Moreover, the Cybersecurity and Infrastructure Security Agency (CISA) exchanged technical information on cyber activities and cybersecurity threats related to Russia’s further invasion of Ukraine with key partners, including Ukraine, the Fact Sheet revealed. In February, CISA issued an alert providing technical details and mitigation guidance on destructive malware targeting organizations in Ukraine. Last month, U.S. cybersecurity agencies updated the earlier advisory to include additional Indicators of Compromise (IOCs) for WhisperGate and provided technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware. 

The U.S. government’s efforts, closely coordinated with the private sector and international partners, support Ukraine’s network defenders and telecommunications professionals, who continue to defend Ukrainian networks and repair infrastructure, often at direct risk to their lives, the Fact Sheet said. “The United States condemns actions that block or degrade access to the Internet in Ukraine, which sever critical channels for sharing and learning information, including about the war,” it added.

The Fact Sheet also revealed that ahead of February this year, the U.S. government worked closely with Ukrainian government ministries and critical infrastructure sectors to support Ukraine’s cyber resilience, including by providing over $40 million in cyber capacity development assistance since 2017. 

“From December 2021 to February 2022, cyber experts from U.S. Cyber Command conducted defensive cyber operations alongside Ukrainian Cyber Command personnel, as part of a wider effort to increase cyber resilience in critical networks,” the Fact Sheet said. “Cyber professionals from both countries sat side by side, looking for adversary activity and identifying vulnerabilities. In addition to this effort, the team provided remote analytic and advisory support aligned to critical networks from outside Ukraine,” it added.

The Blinken statement adds its force to the March joint cybersecurity advisory issued by the CISA and the FBI, which called for strengthening the cybersecurity of national and international satellite communication (SATCOM) networks, in the wake of rising cyber activities and concerns of possible threats to these networks. The agencies reveal that successful intrusions could create risk in SATCOM network providers’ customer environments.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.