Dive Brief:
- Security researchers are warning about a novel variant of the AcidRain wiper, which was used to disrupt satellite communications during Russia's invasion of Ukraine, according to a blog post released Thursday by SentinelLabs.
- The discovery of the new variant, dubbed AcidPour, coincides with the disruption of multiple telecom networks in Ukraine, which have been offline since March 13.
- The AcidPour variant has capabilities beyond those of AcidRain, raising fears that embedded devices are at risk, including IoT, networking, large storage and even industrial control systems devices running Linux x86 distributions, according to SentinelLabs.
Dive Insight:
The Ukraine invasion led to major concerns about malicious cyber activity being used to target critical infrastructure in NATO member countries, including the U.S. U.S. authorities repeatedly warned about the potential of state-linked actors using cyber to disrupt key industries in the West, including energy providers, communications, military contractors and other industries.
The U.S. State Department in May 2022 joined European officials in condemning the malicious cyberthreat activity by Russia, which used wipers, DDoS and other methods to interfere with Ukraine's systems at the start of the war in February 2022.
The attacks disrupted thousands of satellite broadband customers in Ukraine and tens of thousands of fixed broadband customers across Europe. The KA-SAT network, which was disrupted by the 2022 attacks, was operated on behalf of Viasat by Skylogic, a subsidiary of Eutelsat.
The White House warned in 2022 about possible cyberattacks against U.S. targets in retaliation for economic sanctions imposed during the war.
The advent of AcidPour shows that Russia-linked actors are continuing to evolve their tactics and capabilities, according to SentinelLabs researchers.
“The intent is to perhaps impact Ukrainian operations at an even larger scale than the previous iteration and continue to disrupt key infrastructure and communication abilities for their targets,” said Tom Hegel, principal threat researcher, via email.
The White House in 2023 launched an effort to focus cyber resilience efforts on space, as concerns grew about the potential for malicious attacks against satellite communications and other critical technologies.