Russia is believed to have hacked US satellite communications provider Viasat on the day of its invasion of Ukraine.
Western intelligence agencies have been investigating the incident and while they have not yet made a public accusation, they believe Russia was behind it.
It appears to be the most significant cyber-attack linked to the conflict so far, affecting military, as well as government, communications.
Overall though, Western officials say Ukraine has proved more resilient to cyber-attacks than many had expected.
Western intelligence agencies are investigating the hacking of Viasat, which provides communications through a network of satellites.
It appears to have been hit by a sophisticated cyber-attack that wiped devices on the day the invasion began.
It also affected other countries in Europe, although not the UK.
Viasat told the BBC that it was replacing some customers’ modems but its core network infrastructure and the satellite itself were not damaged.
“Viasat is actively working with distributors to restore service for those fixed broadband users in Europe impacted by this event,” it said in a statement.
The company did not say who it thought was behind the cyber-attack and said the US government would provide attribution in due course.
“It looks like the clearest example of spill-over,” said one official.
Western officials believe this was almost certainly the work of Russia but have not yet assembled the evidence to make a public accusation.
“Were it to be ultimately attributed to Russia, it would very much fit with what we expect them to do, which is use their cyber-capability to support their military campaign,” said one Western official.
They believe it fits closely into Russian military doctrine, in which cyber-attacks are used to support specific military objectives – in this case trying to sow confusion by disrupting Ukrainian command and control.
In recent days, US cyber-authorities have warned that they are “aware of possible threats to US and international satellite communication networks”, and America’s FBI and Cybersecurity and Infrastructure Security Agency (Cisa) have urged providers to improve their security because of the continuing potential risks.
Russia’s military intelligence agency, the GRU, is thought to have been behind the Viasat hack, according to a report in the Washington Post.
Other officials also say that the GRU has led in operations against Ukraine.
Limited tech damage
In the initial phases of the Russian invasion, many had predicted large-scale destructive cyber-activity from Moscow.
Russian state hackers linked to the GRU in the past have managed to turn off the power for hundreds of thousands of Ukrainians. But nothing on this scale was seen.
Western analysts believe there are several reasons for the absence of significant destructive attacks.
Russia believed the government in Kyiv would be toppled quickly and a new pro-Moscow replacement would be put in place.
In this scenario, destroying infrastructure would serve little purpose.
Destructive cyber-attacks take time to prepare and Moscow’s state hackers may also not have had sufficient notice since, like much of the military, they may not have known an invasion was being planned until the last minute.
Another reason is that when it comes to a full military conflict, hard military power can be more reliable in destroying targets such as TV towers than cyber-attacks, which are not always guaranteed to work.
But Western officials caution against the idea that there have not been cyber-attacks. They say that the Ukrainians may simply have been resilient to the attacks that did come their way.
“We have seen broad targeting of Ukrainian networks and systems,” one official said.
“There was a significant amount of intent on the part of Russia to disrupt Ukrainian systems before the invasion,” an official also noted.
So-called “wiper” software was used to target government systems in January and February, just days before the invasion.
But officials say they believe Ukrainian defences held up well against attacks, which came from several Russian state-linked groups.
The experience of previous attacks may also have helped.