Modem-wiping malware was behind Viasat cyberattack
Viasat, a satellite operator, has confirmed that the new and destructive malware AcidRain was behind a cyberattack that targeted end-user modems in Ukraine and parts of Europe on the same day that Russia invaded. Security researchers at SentinelLabs have published their findings regarding the new malware, which is a Linux file format designed to wipe modems and routers. The malware was responsible for knocking out thousands of Viasat’s KA-SAT routers on February 24. SentinelLabs states that AcidRain shares some similarities with stage 3 component of VPNFilter, a malware type blocked by Ukraine in 2018.
The blocking was due to the threat of attacks on critical infrastructure, and Ukraine was joined by the FBI in taking action against the malware after telling the public to reboot their routers to rid themselves of the malicious content. Viasat confirmed at the time of the attack that the incident did not pertain to the satellite network itself, but rather a denial of service attack from modems located in Ukraine.