Juan Andres Guerrero-Saade reports:
Executive Summary
- On Thursday, February 24th, 2022, a cyber attack rendered Viasat KA-SAT modems inoperable in Ukraine.
- Spillover from this attack rendered 5,800 Enercon wind turbines in Germany unable to communicate for remote monitoring or control.
- Viasat’s statement on Wednesday, March 30th, 2022 provides a somewhat plausible but incomplete description of the attack.
- SentinelLabs researchers discovered new malware that we named ‘AcidRain’.
- AcidRain is an ELF MIPS malware designed to wipe modems and routers.
- We assess with medium-confidence that there are developmental similarities between AcidRain and a VPNFilter stage 3 destructive plugin. In 2018, the FBI and Department of Justice attributed the VPNFilter campaign to the Russian government.
- AcidRain is the 7th wiper malware associated with the Russian invasion of Ukraine.
- Update: In a statement disseminated to journalists, Viasat confirmed the use of the AcidRain wiper in an attack against their modems.
Read the full article at SentinelLabs.