Security News > 2022 > March > New AcidRain data wiper malware targets modems and routers
A newly discovered data wiper malware that wipes routers and modems has been loosely linked to the cyberattack that targeted the KA-SAT satellite broadband service on February 24, affecting thousands in Ukraine and tens of thousands across Europe.
To destroy data on compromised devices, the wiper overwrites file contents with up to 0x40000 bytes of data or uses MEMGETINFO, MEMUNLOCK, MEMERASE, and MEMWRITEOOB input/output control system calls.
Based on the name of the AcidRain binary uploaded to VirusTotal, which could be an abbreviation of "Ukraine Operation," SentinelOne suspects that the malware might have been developed explicitly for an operation against Ukraine and likely used to wipe modems in the KA-SAT cyberattack.
As a side note, the IOCTLs used by this malware also match the ones used by the VPNFilter malware 'dstr' wiper plugin, a malicious tool attributed to Russian GRU hackers.
If SentinelOne's KA-SAT hypothesis is confirmed, AcidRain would be the sixth data wiper malware deployed in attacks against Ukraine since the start of the year.
The day Russia invaded Ukraine, they also discovered a data wiper dubbed IsaacWiper and a new worm named HermeticWizard used to drop HermeticWiper payloads.