Acidpour

Malware Profile Updated 3 days ago
AcidPour is a new form of malware, specifically a wiper, that has recently been identified as targeting Linux x86 devices. This malicious software is designed to infiltrate systems, often without the user's knowledge, and can cause significant damage by stealing personal information, disrupting operations, or holding data hostage for ransom.

AcidPour, along with another wiper called AcidRain, is part of a series of cyber weapons that Russian actors have reportedly deployed against Ukrainian targets in recent years, particularly since the onset of the current conflict between the two nations. The Ukrainian Computer Emergency Response Team (CERT) has analyzed AcidPour and attributed its creation to UAC-0165, a threat actor believed to be part of the notorious Sandworm group, according to cybersecurity firm SentinelOne. This group is known for its sophisticated cyber attacks and has been implicated in numerous incidents involving Ukraine. The attribution provides further evidence of the ongoing cyber warfare tactics employed in the Russia-Ukraine conflict.

What sets AcidPour apart from other forms of malware is its unique coding style, which SentinelOne describes as reminiscent of the pragmatic CaddyWiper. This coding style has been broadly utilized against Ukrainian targets, often in conjunction with other notable malware like Industroyer 2. This suggests a level of sophistication and strategic planning in these attacks, highlighting the evolving nature of cyber threats and the importance of robust cybersecurity measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Acidrain | 3 | AcidRain is a type of malware, specifically a wiper, that was first discovered by SentinelOne in February 2022 following a cyberattack on Viasat's KA-SAT network. The attack knocked offline approximately 10,000 satellite modems, causing significant disruptions. The threat actor infiltrated the syste
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Linux
Wiper
ICS
Associated Malware
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Sandworm | Unspecified | 2 | Sandworm is a threat actor, often linked to Russia, known for its high-profile cyber attacks. The group gained notoriety for compromising 11 Ukrainian telecommunications providers and infiltrating Ukraine's telecom giant Kyivstar for months. In addition, Sandworm was responsible for disrupting power
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Acidpour Malware was read from the documents corpus below.
Source | Created At | Title
DARKReading | 2 months ago | Russian APT Releases More Deadly Variant of AcidRain Wiper Malware
InfoSecurity-magazine | 2 months ago | New AcidPour Wiper Targeting Linux Devices Spotted in Ukraine
Securityaffairs | 2 months ago | New AcidPour wiper targets Linux x86 devices.
Securityaffairs | 2 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 3 days ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs | 24 days ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini