Modem-wiping malware caused Viasat satellite broadband outage in Europe
2022-04-01 07:25

Tens of thousands of Viasat satellite broadband modems that were disabled in a cyber-attack some weeks ago were wiped by malware with possible links to Russia's destructive VPNFilter, according to SentinelOne.

In a statement, Viasat said the researchers' hypothesis was "consistent with the facts in our report ... SentinelLabs identifies the destructive executable that was run on the modems using a legitimate management command as Viasat previously described."

Once pushed to and running on a SATCOM modem, AcidRain took a fairly brute-force approach to wiping a device's storage memory.

AcidRain rebooted the device once it completed its data wiping processes, and "this results in the device being rendered inoperable," the researchers wrote.

"The reason we bring up the specter of VPNFilter is not because of its superficial similarities to AcidRain but rather because of an interesting code overlap between a specific VPNFilter plugin and AcidRain," the SentinelOne pair wrote.

While AcidRain used brute force, which may allow it to be re-used successfully on multiple device models, VPNFilter took a more targeted approach to devices with hard-coded paths.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/01/sentinelone_wiper_viasat/