Acidrain

Malware updated 2 months ago (2024-06-27T17:17:35.833Z)

Download STIX

Preview STIX

AcidRain is a malicious software, or malware, that was first described in March, following a cyberattack that disrupted approximately 10,000 satellite modems associated with communications provider Viasat's KA-SAT network. The malware was discovered by cybersecurity firm SentinelOne in February 2022. AcidRain specifically targeted Viasat KA-SAT modems, affecting tens of thousands of them, and even causing spillover outside of Ukraine. It gained access through a poorly configured VPN in the remote-management network and delivered destructive payloads. Notably, AcidRain was one of at least 15 distinct wipers reported by Trellix to be used by Russian forces during the conflict. The AcidRain wiper campaign was part of a broader strategy by Russian actors against Ukrainian targets, particularly after the onset of the war between the two countries. This malware permanently disabled tens of thousands of Viasat KA-SAT satellite communications network consumer broadband modems. AcidRain shares notable similarities with other wipers such as AcidPour and VPNFilter, a modular attack platform linked to Sandworm by the US Department of Justice. SentinelOne found AcidPour's IOCTL-based wiping mechanism to be the same as the wiping mechanism in AcidRain and VPNFilter. Despite its effectiveness, AcidRain is considered less sophisticated compared to other wipers like AcidPour. For example, AcidRain excessively uses process forking and unwarranted repetition of certain operations, indicative of its overall sloppiness. However, the new wiper, AcidPour, includes features for use against a significantly broader range of targets than AcidRain, according to researchers at SentinelOne who discovered the threat. This shows an evolution in the sophistication and scope of these types of attacks.

Description last updated: 2024-06-27T17:15:37.310Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Acidpour	3	AcidPour is a newly identified malware variant that has been specifically designed to target Linux x86 devices. As a malicious software, AcidPour exploits and damages the targeted systems, potentially stealing personal information, disrupting operations, or holding data hostage for ransom. It infilt

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Wiper

Malware

Ukraine

Linux

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

ID	Type	Votes	Profile Description
WhisperGate	Unspecified	2	WhisperGate is a destructive malware, first identified by Microsoft in January 2022, that has been used to target Ukrainian organizations including government, non-profit, and IT entities. This malicious software operates as a wiper disguised as ransomware, causing significant damage to computer sys

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

ID	Type	Votes	Profile Description
Sandworm	Unspecified	2	Sandworm, a Russia-linked threat actor group, has been implicated in a series of significant cyber-attacks targeting Ukraine's infrastructure. The group successfully compromised 11 Ukrainian telecommunication providers, demonstrating their extensive capabilities and the broad reach of their operatio

Source Document References

Information about the Acidrain Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	2 months ago	Russian Indicted for Wiper Malware Campaign Against Ukraine
DARKReading	6 months ago	Russian APT Releases More Deadly Variant of AcidRain Wiper Malware
InfoSecurity-magazine	6 months ago	New AcidPour Wiper Targeting Linux Devices Spotted in Ukraine
Securityaffairs	6 months ago	New AcidPour wiper targets Linux x86 devices.
CERT-EU	6 months ago	Firmware Monitoring is Just a Snapshot Away
CERT-EU	10 months ago	New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks
Securelist	2 years ago	Reassessing cyberwarfare. Lessons learned in 2022
CERT-EU	a year ago	Why CISOs should be concerned about space-based attacks
ESET	2 years ago	A year of wiper attacks in Ukraine \| WeLiveSecurity