
Digital safety starts here for both commercial and personal use...

Defend Your Business Against the Latest WNY Cyber Threats. We offer safe, secure and affordable solutions for your business and personal networks and devices.

WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

New AcidPour Wiper Targeting Linux Devices Spotted in Ukraine

Summary:
Researchers at SentinelLabs uncovered a new variant of the destructive wiper malware AcidRain, called AcidPour. AcidRain has been linked to Russian military intelligence and was notably used in the cyber-attack against Viasat's KA-SAT satellite modems in Ukraine in 2022, causing widespread disruptions. AcidPour, discovered on March 16, 2024, in a suspicious Linux binary uploaded from Ukraine, shares similarities with AcidRain but extends its capabilities. It targets specific directories and device paths common in embedded Linux distributions and uses a similar reboot mechanism. The new variant adds logic for Linux Unsorted Block Image (UBI) volumes and Device Mapper (DM) devices, which are used for raw flash memory and storage translation layers.

SentinelLabs noted that AcidPour's expanded capabilities could disable a wider range of embedded devices, including networking and IoT equipment, storage systems, and potentially industrial control systems running Linux x86 distributions. While AcidRain and AcidPour are clearly related, only about 30% of their codebases overlap, which suggests the variant may have been built by a different threat actor.

Security Officer Comments:
Ukraine's SSSCIP attributed AcidPour to UAC-0165, a subgroup of Sandworm, an APT group associated with Russia's GRU. The ongoing disruption of Ukrainian telecommunication networks since March 13 aligns with the emergence of AcidPour. SentinelLabs concluded that the transition from AcidRain to AcidPour reflects a strategic intent to cause substantial operational impact, showing both technical refinement and deliberate target selection to disrupt critical infrastructure and communications.

Suggested Corrections:
The SentinelLabs analyst publicly shared the malware's hash and called on the security research community to participate in collaborative analysis and verification, as the targets and distribution volume are currently unknown. A sample can be found on VirusTotal. The discovery of AcidPour is a wake-up call for the Linux community. The evolving nature of malware threats demands constant vigilance and adaptability from security practitioners. By staying informed, collaborating globally, and implementing robust security measures (hash-based IoC matching against shared samples, monitoring of embedded and edge devices, and offline backups of device firmware and configuration), Linux admins, infosec professionals, internet security enthusiasts, and sysadmins can effectively defend against current and future malware variants.
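The two defensive actions the advisory points at, matching a suspicious binary against shared hashes and looking for the embedded-storage device paths the report says AcidPour targets, can be combined into a small triage helper. The script below is an added example written for this page; it is not code from WNYCyber, SentinelLabs, or any of the linked articles. The hash list is a placeholder (the real AcidPour hash is in the SentinelLabs write-up and on VirusTotal, not on this page), the sample bytes are constructed, and the inclusion of `/dev/mtd*` alongside the UBI and Device Mapper paths named in the report is an assumption based on UBI sitting on top of the MTD flash layer.

```python
"""
Defender-side triage for a suspicious Linux binary (added example).

Checks performed:
  1. SHA-256 of the file against a set of known-bad hashes (placeholder
     values; substitute the hashes published by SentinelLabs / VirusTotal).
  2. Scan of the file's bytes for references to embedded-storage device
     paths: UBI volumes and Device Mapper nodes named in the report, plus
     the underlying MTD flash nodes (assumption, see lead-in).
"""
import hashlib
import re
import tempfile
from pathlib import Path

# PLACEHOLDER hash set: replace with real IoCs from the SentinelLabs report.
KNOWN_BAD_SHA256 = {
    "0000000000000000000000000000000000000000000000000000000000000000",
}

# Device-path indicators. UBI and /dev/mapper / dm-N come from the report;
# /dev/mtd* is the raw flash layer beneath UBI (assumption).
DEVICE_PATH_PATTERNS = [
    re.compile(rb"/dev/ubi\d*"),
    re.compile(rb"/dev/dm-\d+"),
    re.compile(rb"/dev/mapper/"),
    re.compile(rb"/dev/mtd(?:block)?\d*"),
]


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory sample."""
    return hashlib.sha256(data).hexdigest()


def find_device_path_indicators(data: bytes) -> list:
    """Return the sorted, de-duplicated device-path strings found in data."""
    hits = set()
    for pat in DEVICE_PATH_PATTERNS:
        for m in pat.finditer(data):
            hits.add(m.group(0).decode("ascii"))
    return sorted(hits)


def triage_bytes(data: bytes, known_bad=None) -> dict:
    """Triage a sample held in memory; known_bad defaults to the placeholder set."""
    known_bad = KNOWN_BAD_SHA256 if known_bad is None else known_bad
    digest = sha256_of_bytes(data)
    is_elf = data[:4] == b"\x7fELF"
    indicators = find_device_path_indicators(data)
    # Heuristic: a hash match is conclusive; otherwise an ELF that references
    # two or more distinct embedded-storage device paths is worth escalating.
    suspicious = digest in known_bad or (is_elf and len(indicators) >= 2)
    return {
        "sha256": digest,
        "known_bad": digest in known_bad,
        "is_elf": is_elf,
        "device_path_indicators": indicators,
        "suspicious": suspicious,
    }


def triage_file(path) -> dict:
    """Triage a file on disk (reads it fully; samples are small)."""
    return triage_bytes(Path(path).read_bytes())


# CONSTRUCTED sample, not real malware: an ELF-looking header followed by
# strings of the kind a wiper aimed at embedded storage would carry.
CONSTRUCTED_SAMPLE = (
    b"\x7fELF" + b"\x01\x01\x01\x00" * 3
    + b"\x00/dev/ubi0\x00/dev/dm-0\x00/dev/mapper/\x00/dev/mtdblock2\x00reboot\x00"
)

# CONSTRUCTED benign ELF-looking file with no storage indicators.
CONSTRUCTED_BENIGN = b"\x7fELF" + b"\x01\x01\x01\x00" * 3 + b"\x00hello world\x00"


if __name__ == "__main__":
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(CONSTRUCTED_SAMPLE)
    report = triage_file(tmp.name)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run on a real suspicious binary with `triage_file("/path/to/sample")` after populating `KNOWN_BAD_SHA256`. The string scan is a coarse first pass: plenty of legitimate firmware tools also reference `/dev/ubi*` and `/dev/mapper/`, so a hit should trigger a closer look (sandbox, VirusTotal comparison, the SentinelLabs analysis), not an automatic verdict.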

Link(s):
https://www.infosecurity-magazine.com/news/acidpour-wiper-linux-ukraine/
https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/
https://www.bleepingcomputer.com/ne...data-wiper-targets-linux-x86-network-devices/