Guerrero-Saade, who has been at the forefront of AcidRain research, said that while the malware used by the Russians in the past was narrowly targeted, AcidRain is more of a multipurpose weapon.
“The most worrying thing about AcidRain is that they’ve removed all security checks,” he said. “For previous wipers, the Russians were careful to only perform on specific devices. Now those safety checks are gone, they are brute force. They have a capability that can be reused. The question is, what will we see next? Such a supply chain attack?”
Experts said the attack was typical of the “hybrid” warfare strategy employed by Moscow: it was launched in sync with the ground invasion. This precise coordination between Russian cyber operations and the military has occurred at least six times, according to Microsoft research, underscoring the emerging role of cyber in modern warfare.
“The coordinated and destructive Russian cyberattack prior to the invasion of Ukraine shows that cyberattacks are actively and strategically used in modern warfare, even when the threats and consequences are not always visible to the public,” Danish Defense Minister Morten Bødskov said in a statement. “Cyberthreats are continuous and evolving. Cyberattacks can wreak havoc on our critical infrastructure with deadly consequences.”
In this case, the damage spread from Ukraine to thousands of internet users and connected wind farms in Central Europe. The impact reaches further still: Viasat works with the U.S. military and its partners around the world.
“Obviously, the Russians screwed up,” Guerrero-Saade said. “I don’t think they intended to do such big splash damage and get the EU involved. They gave the EU an excuse to have 5,800 German wind turbines and others around the EU affected.”
Just hours before AcidRain began its destructive work on Viasat, Russian hackers used another wiper called HermeticWiper to attack Ukrainian government computers. The playbook was very similar, except that instead of satellite communications it targeted Windows machines on the network that were important for the Kyiv government to resist effectively in the early days of the invasion.