Viasat confirms satellite modems were wiped with AcidRain malware
2022-03-31 17:25

Newly discovered data wiper malware that targets routers and modems was deployed in the February 24 cyberattack on the KA-SAT satellite broadband service to wipe SATCOM modems, affecting thousands in Ukraine and tens of thousands more across Europe.

AcidRain was used to wipe satellite communication modems in Ukraine.

Based on the name of the AcidRain binary uploaded to VirusTotal, which could be an abbreviation of "Ukraine Operation," SentinelOne said the malware might have been developed explicitly for an operation against Ukraine and likely used to wipe modems in the KA-SAT cyberattack.

The use of AcidRain to wipe modems was also confirmed by security researcher Ruben Santamarta, who dumped the flash memory of a SATCOM modem corrupted in the attack against KA-SAT. As SentinelOne says, the destructive pattern observed by Santamarta matches the output of AcidRain's overwriting wiper method.

As a side note, the IOCTLs used by this malware also match the ones used by the VPNFilter malware 'dstr' wiper plugin, a malicious tool attributed to Russian GRU hackers.

AcidRain is the seventh data wiper malware deployed in attacks against Ukraine, with six others having been used to target the country since the start of the year.


News URL

https://www.bleepingcomputer.com/news/security/viasat-confirms-satellite-modems-were-wiped-with-acidrain-malware/