Threat Intelligence

AcidPour wiper suspected to be used against Ukrainian telecom networks

Ars Technica reports that several Ukrainian telecommunications networks have been disrupted for more than a week following attacks claimed by the threat actor SolntsepekZ, which are suspected to have involved the AcidPour wiper malware.

AcidPour has significant similarities with the AcidRain wiper leveraged by Russia in an attack against satellite internet provider Viasat before it invaded Ukraine, including the same reboot mechanisms, recursive directory wiping logic, and IOCTL-based wiping mechanism, indicating that both payloads were written by the same developer, a report from SentinelOne revealed.

Although the link between the ISP takedowns and AcidPour remains inconclusive, researchers hypothesized that the prolonged disruption points to a more complex intrusion. "The transition from AcidRain to AcidPour, with its expanded capabilities, underscores the strategic intent to inflict significant operational impact. This progression reveals not only a refinement in the technical capabilities of these threat actors but also their calculated approach to select targets that maximize follow-on effects, disrupting critical infrastructure and communications," researchers added.
