Acidrain

Malware updated 23 days ago (2024-11-29T14:02:50.082Z)
Download STIX
Preview STIX
AcidRain is a malicious software, or malware, that was first described in March, following a cyberattack that disrupted approximately 10,000 satellite modems associated with communications provider Viasat's KA-SAT network. The malware was discovered by cybersecurity firm SentinelOne in February 2022. AcidRain specifically targeted Viasat KA-SAT modems, affecting tens of thousands of them, and even causing spillover outside of Ukraine. It gained access through a poorly configured VPN in the remote-management network and delivered destructive payloads. Notably, AcidRain was one of at least 15 distinct wipers reported by Trellix to be used by Russian forces during the conflict. The AcidRain wiper campaign was part of a broader strategy by Russian actors against Ukrainian targets, particularly after the onset of the war between the two countries. This malware permanently disabled tens of thousands of Viasat KA-SAT satellite communications network consumer broadband modems. AcidRain shares notable similarities with other wipers such as AcidPour and VPNFilter, a modular attack platform linked to Sandworm by the US Department of Justice. SentinelOne found AcidPour's IOCTL-based wiping mechanism to be the same as the wiping mechanism in AcidRain and VPNFilter. Despite its effectiveness, AcidRain is considered less sophisticated compared to other wipers like AcidPour. For example, AcidRain excessively uses process forking and unwarranted repetition of certain operations, indicative of its overall sloppiness. However, the new wiper, AcidPour, includes features for use against a significantly broader range of targets than AcidRain, according to researchers at SentinelOne who discovered the threat. This shows an evolution in the sophistication and scope of these types of attacks.
Description last updated: 2024-06-27T17:15:37.310Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Acidpour is a possible alias for Acidrain. AcidPour is a newly identified malware variant that has been specifically designed to target Linux x86 devices. As a malicious software, AcidPour exploits and damages the targeted systems, potentially stealing personal information, disrupting operations, or holding data hostage for ransom. It infilt
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Wiper
Malware
Ukraine
Linux
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The WhisperGate Malware is associated with Acidrain. WhisperGate is a malicious software (malware) deployed by Unit 29155 cyber actors, known for their extensive use of this malware, particularly against Ukraine. The malware corrupts a system's master boot record, displays a fake ransomware note, and encrypts files based on specific file extensions. TUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Sandworm Threat Actor is associated with Acidrain. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which cUnspecified
2
Source Document References
Information about the Acidrain Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more