AcidPour Wiper Deployed Against Ukrainian Targets

Researchers have discovered previously unseen wiper malware associated with Russia, which was used in an operation over two years ago targeting more than 10,000 satellite modems primarily in Ukraine just before Russia's invasion of the neighboring country.

Named AcidPour by security firm SentinelOne, the new malware bears striking resemblances to AcidRain, a wiper identified in March 2022 that Viasat confirmed was involved in the attack on its modems earlier that month. Wipers are malicious programs designed to destroy data or render devices unusable. Viasat reported that AcidRain was installed on over 10,000 Eutelsat KA-SAT modems after attackers breached the company's private network.

Similarities Between AcidPour and VPNFilter

SentinelOne, the same firm that discovered AcidRain, noted technical similarities between it and VPNFilter, malware attributed to the Russian government in 2018. This connection suggests AcidRain and the 2018 malware might be products of the same developer team. The recent discovery of AcidPour further supports this, indicating it was likely developed by the same Kremlin-affiliated team.

Technical parallels between AcidPour and other malware, such as their reboot mechanism, recursive directory wiping logic, and wiping mechanism based on IOCTL, further reinforce this association. AcidPour also shares programming characteristics with other malware attributed to the Sandworm group, including Industroyer2 and CaddyWiper, both of which targeted Ukrainian infrastructure.

The programming language and techniques used in AcidPour align with those employed in previous Sandworm-related attacks, indicating a consistent modus operandi. Ukrainian authorities link AcidPour to UAC-0165, a splinter group associated with Sandworm, known for its history of targeting Ukrainian critical infrastructure.

SentinelOne researchers speculate that AcidPour may have been deployed to disrupt Ukrainian telecommunications networks, which have been offline since March 13, shortly before the discovery of the new wiper.

March 22, 2024