The Cyber Security News


Russian Wiper Malware Responsible for Recent Cyberattack on Viasat KA-SAT Modems

April 1, 2022

The cyberattack on Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the result of wiper malware, according to the latest research from SentinelOne.

The findings come as the U.S. telecom company disclosed that it was the target of a “multifaceted and deliberate” cyberattack against its KA-SAT network, linking it to a “ground-based network intrusion by an attacker exploiting a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network.”

Upon gaining access, the adversary issued “destructive commands” on tens of thousands of modems belonging to the satellite broadband service that “overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable.”


But SentinelOne said it uncovered a new piece of malware on March 15 that casts the entire incident in a new light: a supply chain compromise of the KA-SAT management system to deliver the wiper, dubbed AcidRain, to the modems and routers and achieve scalable disruption.

AcidRain is fashioned as a 32-bit MIPS ELF executable that “performs an in-depth wipe of the filesystem and various known storage device files,” researchers Juan Andres Guerrero-Saade and Max van Amerongen said. “If the code is running as root, AcidRain performs an initial recursive overwrite and delete of non-standard files in the filesystem.”

Once the wiping process is complete, the device is rebooted to render it inoperable. This makes AcidRain the seventh wiper strain to be uncovered since the start of the year in connection with the Russo-Ukrainian war, after WhisperGate, WhisperKill, HermeticWiper, IsaacWiper, CaddyWiper, and DoubleZero.


Further analysis of the wiper sample has also uncovered an “interesting” code overlap with a third-stage plugin (“dstr”) used in attacks involving a malware family called VPNFilter, which has been attributed to the Russian Sandworm (aka Voodoo Bear) group.

In late February 2022, intelligence agencies from the U.K. and the U.S. disclosed a successor to VPNFilter, calling the replacement framework Cyclops Blink.

That said, it is still unclear how the threat actors gained access to the VPN. In a statement shared with Ars Technica, Viasat confirmed that data-destroying malware was indeed deployed on modems using “legitimate management” commands but has refrained from sharing further details, citing an ongoing investigation.


Some elements of this article are sourced from:
thehackernews.com
