Wiper malware variant connected to Viasat attack during Ukraine conflict prompts additional concerns
A new malware variant named AcidPour, linked to Russia-based actors, has been identified by SentinelLabs researchers. This development underscores the evolving tactics and capabilities of these actors in the cyber realm [1].
What is AcidPour?
AcidPour is an evolution of the AcidRain wiper, built for Linux systems, particularly those on x86 hardware. Its primary function is to irreversibly destroy data on infected devices, thereby impacting availability and recovery [1][5].
Capabilities and Usage
AcidPour's focus on stealthy, destructive operations in critical infrastructure environments complicates forensic recovery efforts. It has been observed targeting Ukrainian infrastructure, likely in connection with the ongoing Russia-Ukraine conflict, continuing the trend where AcidRain was used as a tool of cyber warfare [1][5].
The deployment of AcidPour presumably aims to disrupt critical infrastructure operations by wiping data and rendering systems inoperable. The targeting of industrial and critical infrastructure sectors aligns with prior Russia-linked cyberattacks aimed at causing strategic disruption [1][5].
Current Threat Level
Current monitoring and detection frameworks, such as those provided by Splunk Security Content, include detections specific to AcidPour, facilitating the identification and mitigation of attacks using this wiper [3][5].
Concerns and Implications
The disruption of multiple telecom networks in Ukraine, which have been offline since March 13, coincides with the discovery of AcidPour. Thousands of satellite broadband customers in Ukraine and tens of thousands of fixed broadband customers across Europe have been affected [2].
These attacks are intended to potentially affect Ukrainian operations on a larger scale than previous iterations and to continue disrupting key infrastructure and communications for their targets [4]. The Ukraine invasion has raised concerns about malicious cyber activity targeting critical infrastructure in NATO member countries, including the U.S. [6].
Warning and Preparation
In 2022, the White House warned of possible cyberattacks against U.S. targets in retaliation for the economic sanctions imposed during the war. U.S. authorities have also expressed concern that state-linked actors could use cyber attacks to disrupt key industries in the West, such as energy providers, communications, and military contractors [7].
In light of these developments, it is crucial for organizations to strengthen their cyber resilience, particularly in the space sector, which the White House launched an effort to focus on in 2023 [2].
[1] SentinelLabs: AcidPour: A New Linux Wiper Targeting Critical Infrastructure
[2] White House: Fact Sheet: Strengthening Cybersecurity for Critical Infrastructure Control Systems
[3] Splunk: Splunk Security Content Updates: 2023-03-29
[4] Tom Hegel, Principal Threat Researcher: Email Statement
[5] CrowdStrike: AcidPour: A New Linux Wiper Targeting Critical Infrastructure
[6] U.S. State Department: Statement by State Department Spokesperson Ned Price on the Cyber Threat Activity by Russia
[7] U.S. Cybersecurity and Infrastructure Security Agency: Russia, Iran, and China: Foreign Cyber Threats to the United States
- The ongoing threat of AcidPour, a destructive malware with possible ties to Russia, underscores the need for stronger cybersecurity measures, both in the technology sector and in the wider political discussion of current events.
- In the context of heightened cybersecurity concerns, especially in light of the Ukraine conflict and warnings about potential retaliatory cyberattacks, it is vital for organizations, particularly those in the space sector, to prioritize cyber resilience to mitigate risks and ensure operational continuity.