Malware 'AcidRain' that erases all data on Ukrainian and EU satellite communication modems is found



It has been revealed that the cyber attack on a communication satellite that caused enormous damage in Ukraine and Europe in February 2022 was carried out with a new wiper-type malware, 'AcidRain'.

AcidRain | A Modem Wiper Rains Down on Europe --SentinelOne

https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/

Viasat confirms satellite modems were wiped with AcidRain malware
https://www.bleepingcomputer.com/news/security/viasat-confirms-satellite-modems-were-wiped-with-acidrain-malware/

On February 24, the communication satellite 'KA-SAT' managed by Internet service provider Viasat was hit by a cyber attack, affecting Ukraine and other European countries.

It turns out that the satellite 'KA-SAT' covering Europe was attacked at the same time as Russia's invasion of Ukraine --GIGAZINE



According to security company SentinelOne, the cyber attack used malware that the company has named 'AcidRain'. The malware brute-forces file names on the device and deletes the files it finds.

SentinelOne's analysis is that this exhaustive, brute-force approach suggests either that the attackers behind AcidRain were not familiar with the file system and firmware of the satellite communication devices, or that they intended the malware to be reusable against other targets.

What led to AcidRain being identified as the cause of the February attack was a file named 'ukrop' that was uploaded to VirusTotal on March 15. Once run, this binary destroys the entire file system of the compromised router or modem. It also wipes storage such as flash memory, SD/MMC cards and virtual block devices, using every device identifier it can find. Finally, it reboots the device, leaving it completely unusable.

Researchers at SentinelOne commented on AcidRain: 'This binary file thoroughly erases files on the file system and various known storage devices.'



Since the file name 'ukrop' is presumed to be derived from the abbreviation 'Ukraine Operation' or from 'ukrop', a derogatory term Russians use for Ukrainians, SentinelOne says: 'AcidRain may have been developed with an attack on Ukraine in mind.'

A Viasat spokeswoman told Bleeping Computer, an IT news site, 'SentinelOne's report on the ukrop binary is consistent with the facts contained in our incident findings report.'

According to Bleeping Computer, this is the seventh time that wiper-type malware has been identified in Ukraine since the beginning of 2022.

in Software, Web Service, Security, Posted by log1l_ks