New Data Wiper Discovered That Was Used in Viasat Cyberattack
Administration divided over Kaspersky sanctions, Treasury sanctions Russian lab that reported created Trisis, Biden eyes changing Trump-era policy that gave DoD unprecedented cyber authority, more
CLICK HERE FOR THE SOLUTION TO ALL CYBERSECURITY PROBLEMS!
My latest CSO column updates the timeline of developments surrounding cyber incidents related to Russia’s invasion of Ukraine.
Researchers at SentinelOne say they discovered that a new data wiper, AcidRain, has been deployed in the cyberattack that targeted Viasat's KA-SAT satellite broadband service. That service had been used to wipe SATCOM modems on February 24, affecting thousands in Ukraine and tens of thousands more across Europe.
AcidRain is designed to brute-force device file names and wipe every file it can find, making it easy to redeploy in future attacks. First spotted on March 15 after its upload onto the VirusTotal malware analysis platform, the malware goes through the compromised router or modem's entire filesystem. It also wipes flash memory, SD/MMC cards, and any virtual block devices it can find, using all possible device identifiers.
SentinelOne said the malware might have been developed explicitly for an ope…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.