Russia hacked an American satellite company one hour before the Ukraine invasion

Guerrero-Saade, who has been at the forefront of research into AcidRain, says that where previous malware used by the Russians was narrowly targeted, AcidRaid is more of an all-purpose weapon.

“What’s massively concerning about AcidRaid is that they’ve taken all the safety checks off,” he says. “With previous wipers, the Russians were careful to only execute on specific devices. Now those safety checks are gone, and they are brute-forcing. They have a capability they can reuse. The question is, what supply-chain attack will we see next?”

The attack has turned out to be typical of the “hybrid” war strategy employed by Moscow, say experts. It was launched in concert with the invasion on the ground. That exact kind of coordination between Russian cyber operations and military forces has been seen at least six times, according to research from Microsoft, underlining the emerging role of cyber in modern warfare. 

“Russia’s coordinated and destructive cyberattack before the invasion of Ukraine shows that cyberattacks are used actively and strategically in modern-day warfare, even if the threat and consequences of a cyberattack are not always visible for the public,” the Danish defense minister, Morten Bødskov, said in a statement. “The cyber threat is constant and evolving. Cyberattacks can do great damage to our critical infrastructure, with fatal consequences.”

In this instance, the damage spilled over from Ukraine to affect thousands of internet users and internet-connected wind farms in central Europe. And the implications are even bigger than that: Viasat works with the US military and its partners around the world.

“Obviously, the Russians messed it up,” says Guerrero-Saade. “I don’t think they meant to have so much splash damage and get the European Union involved. They gave the EU pretext to react by having 5,800 German wind turbines and others around the EU impacted.” 

Just a few hours before AcidRain began its destructive work against Viasat, Russian hackers used another wiper, called HermeticWiper, against Ukrainian government computers. The playbook was eerily similar, except instead of satellite communications, the targets were Windows machines on networks that, in those early hours of the invasion, would be important for the government in Kyiv to mount an effective resistance.