The recent cyberattack on U.S. satellite communications provider Viasat was most likely the result of destructive wiper malware, according to newly published security research.
The details of the cyberattack on Viasat's KA-SAT network have so far been light. The attack, which also disconnected remote access to about 5,800 wind turbines across Germany, was originally believed to be the result of a distributed denial of service attack, but researchers now believe it was the result of a new strain of wiper malware.
The researchers say AcidRain could be shorthand for "Ukraine." AcidRain was discovered by the researchers on March 15 after it was uploaded to VirusTotal from a user in Italy. The device is rendered inoperable once the wiping processes are complete.
AcidRain's function is relatively straightforward: it takes a brute-force approach, which may indicate that the attackers were unfamiliar with the particulars of the target firmware or wanted the tool to remain generic.
While the identity of the attackers is not known, there are similarities between AcidRain and the VPNFilter malware, which affected thousands of home and small business routers and network devices worldwide. The FBI blamed the Russian-backed Fancy Bear hacking group for the VPNFilter operation. Russia's military intelligence agency, the GRU, has been linked to both Sandworm and APT28.
The researchers note that AcidRain can't be tied to the larger Sandworm threat cluster, but it can be tied to the smaller one.
The researchers said that AcidRain is the seventh strain of malicious software to target Ukraine since the beginning of Russia's invasion.
Viasat has not yet responded to the contact from TechCrunch.
Viasat said in its first incident response report that the unnamed attackers exploited a misconfigured VPN appliance to gain remote access to the trusted management segment of the KA-SAT network.
Viasat says that these destructive commands overwrote key data in flash memory on the modems, rendering them unable to access the network, but not permanently unusable.
It is unclear how legitimate commands could have such a disruptive effect on the modems.
Since the February attack, Viasat has shipped almost 30,000 modems to distributors to bring customers back online. The FBI has warned that US satellites could be the next target because the outage has not yet been fully resolved.