The European Union accused Russia on Tuesday of masterminding a destructive cyberattack that crippled a satellite internet company’s service.
The attack hit the European networks of the internet satellite company Viasat just as Russia began its invasion of Ukraine on Feb. 24. Viasat said that the attack interrupted service for tens of thousands of broadband customers across Europe. It also reportedly disrupted service for thousands of European wind turbines.
“This cyberattack had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses and users in Ukraine, as well as affecting several EU Member States,” the E.U. wrote in its official statement.
The U.S. and U.K. also released statements echoing the E.U. and alleging that Russia has been behind a series of cyberattacks on Ukraine that have included defacing websites and deploying malicious programs.
“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” British Foreign Secretary Liz Truss said in a news release.
“Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries,” U.S. Secretary of State Antony Blinken said in a statement.
Victor Zhora, a top Ukrainian cybersecurity official, previously told reporters that the Ukrainian military heavily relied on Viasat at the start of the war, and the hack significantly hampered its ability to communicate.
Cyberattacks on military targets are considered fair game between countries at war. But Western nations have long been worried about situations in which cyberattacks related to a localized conflict, if conducted recklessly, could spill into civilian infrastructure.
In the most destructive example of such an event, Russian military intelligence deployed malicious, self-replicating code nicknamed NotPetya against Ukrainian government computer networks in 2017. That cyberattack quickly spread out of control, and locked up computers around the world. The United States sanctioned Russia in 2018 over the incident.
While the E.U. has condemned individual state-affiliated hackers before, Tuesday’s statement is the first time that it cited its own intelligence to blame a specific nation for destructive behavior in cyberspace.
The statement could be the precursor to further sanctions on Russian hackers, said Julia Schuetze, the junior director of cybersecurity policy at Stiftung Neue Verantwortung, a Berlin think tank. The E.U. said that Russia’s hack caused “significant impact,” which is key language for the bloc to issue sanctions over a cyberattack, she said.