New AcidRain data wiper malware targets modems and routers (March 2022)
A newly discovered data wiper malware that wipes routers and modems has been loosely linked to the cyberattack that targeted the KA-SAT satellite broadband service on February 24, affecting thousands in Ukraine and tens of thousands across Europe.
To destroy data on compromised devices, the wiper overwrites file contents with up to 0x40000 bytes of data or uses the MEMGETINFO, MEMUNLOCK, MEMERASE, and MEMWRITEOOB input/output control (IOCTL) system calls.
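For defenders, the four ioctls named above can be recognised in syscall telemetry from the low 16 bits of the request number. The following is an added detection sketch, not code from the article or from SentinelOne; the record format, the sample lines and the allowlist of flashing tools are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# MTD ioctls named in the article, keyed by (type 'M' << 8 | nr) as defined in
# Linux's mtd-abi.h. Only the low 16 bits are compared: the size and direction
# bits above them are encoded differently on MIPS than on x86/ARM.
MTD_IOCTLS = {0x4D01: "MEMGETINFO", 0x4D02: "MEMERASE",
              0x4D03: "MEMWRITEOOB", 0x4D06: "MEMUNLOCK"}

# Assumption: tools expected to reflash this device; adjust per platform.
ALLOWED_COMMS = {"flash_erase", "sysupgrade"}

# Assumption: simplified, constructed record format from a syscall tracer.
RECORD = re.compile(r"pid=(\d+) comm=(\S+) path=(\S+) ioctl=(0x[0-9a-fA-F]+)")

def decode(request):
    """Map a raw ioctl request number to an MTD ioctl name, or None."""
    return MTD_IOCTLS.get(request & 0xFFFF)

def find_suspect_erasers(lines):
    """Return (pid, comm, device, ioctls) for unexpected unlock+erase of flash."""
    seen = defaultdict(set)  # (pid, comm, device) -> ioctl names observed
    for line in lines:
        m = RECORD.search(line)
        if not m:
            continue
        pid, comm, path, request = int(m[1]), m[2], m[3], int(m[4], 16)
        name = decode(request)
        # Type 'M' is shared with unrelated drivers, so require an MTD node.
        if name and path.startswith("/dev/mtd"):
            seen[(pid, comm, path)].add(name)
    return sorted(
        (pid, comm, dev, sorted(names))
        for (pid, comm, dev), names in seen.items()
        if {"MEMUNLOCK", "MEMERASE"} <= names and comm not in ALLOWED_COMMS
    )

# Constructed sample records (not from the article or any real incident).
SAMPLE = """\
pid=412 comm=flash_erase path=/dev/mtd3 ioctl=0x80204d01
pid=412 comm=flash_erase path=/dev/mtd3 ioctl=0x40084d06
pid=412 comm=flash_erase path=/dev/mtd3 ioctl=0x40084d02
pid=977 comm=unknown_bin path=/dev/mtd0 ioctl=0x40204d01
pid=977 comm=unknown_bin path=/dev/mtd0 ioctl=0x80084d06
pid=977 comm=unknown_bin path=/dev/mtd0 ioctl=0x80084d02
pid=977 comm=unknown_bin path=/dev/mtd0 ioctl=0xc00c4d03
pid=530 comm=mixerd path=/dev/mixer ioctl=0x80044d02
"""

if __name__ == "__main__":
    for hit in find_suspect_erasers(SAMPLE.splitlines()):
        print(hit)
```

A process can set its own `comm` value, so the allowlist only reduces noise from known flashing tools and should not be treated as proof that a caller is legitimate.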
Based on the name of the AcidRain binary uploaded to VirusTotal, which could be an abbreviation of "Ukraine Operation," SentinelOne suspects that the malware might have been developed explicitly for an operation against Ukraine and likely used to wipe modems in the KA-SAT cyberattack.
As a side note, the IOCTLs used by this malware also match the ones used by the VPNFilter malware 'dstr' wiper plugin, a malicious tool attributed to Russian GRU hackers.
If SentinelOne's KA-SAT hypothesis is confirmed, AcidRain would be the sixth data wiper malware deployed in attacks against Ukraine since the start of the year.
The day Russia invaded Ukraine, they also discovered a data wiper dubbed IsaacWiper and a new worm named HermeticWizard used to drop HermeticWiper payloads.