Mystery solved in destructive attack that knocked out >10k Viasat modems
Viasat—the high-speed-satellite-broadband provider whose modems were knocked out in Ukraine and other parts of Europe earlier in March—confirmed a theory by third-party researchers that new wiper malware with possible ties to the Russian government was responsible for the attack.
In a report published Thursday, researchers at SentinelOne said they uncovered the new modem wiper and named it AcidRain. The researchers said AcidRain shared multiple technical similarities to parts of VPNFilter, a piece of malware that infected more than 500,000 home and small-office modems in the US. Multiple US government agencies—first the FBI and later organizations including the National Security Agency—all attributed the modem malware to Russian state threat actors.
SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen posited that AcidRain was used in a cyberattack that sabotaged thousands of modems used by Viasat customers. Among the clues they found was the name “ukrop” for one of AcidRain’s source binaries.