A massive Viasat satellite incident last month led to an internet outage. It has now been connected to malware capable of wiping data from modems and routers.
The malware, dubbed AcidRain, is a Unix executable program designed to target devices built on the MIPS architecture. Samples were uploaded to VirusTotal, and the sample in question came from Italy, where SkyLogic, the Viasat operator managing the affected network, is based. The malware sample was labeled with the name “ukrop,” a possible reference to Ukraine Operation.
AcidRain represents at least the seventh data-wiping malware strain to target IT systems related to Ukraine. The attacks have been targeting numerous companies in the country both before and during Russia’s invasion.
AcidRain is capable of performing “an in-depth wipe of the filesystem and various known storage device files” on an infected modem. The malware will then trigger a reboot, leaving the device inoperable.
The investigation by researchers found the hackers behind the incident exploited a misconfigured VPN device to gain remote access to the satellite internet infrastructure, and then used “legitimate, targeted management commands” across a large number of modems to knock them offline.
The company’s report pointed to “destructive commands” overwriting key data in flash memory on the affected modems, rendering them useless. Viasat strongly denies the SentinelOne probe of AcidRain in its systems.
Due to the ongoing investigation and to ensure the security of our systems from ongoing attack, we cannot publicly share all forensic details of the event. Through this process, we have been, and continue to cooperate with various law enforcement and government agencies around the world, who’ve had access to details of the event. – Viasat statement