A new data wiper is targeting Linux x86 network devices

News
By Sead Fadilpašić
published

Researchers stumbled upon a distant relative of AcidRain

Illustration of a laptop with a magnifying glass exposing a beetle on-screen
(Image credit: Shutterstock / Kanoktuch)

Hackers have been observed targeting Linux x86 networking devices and Internet of Things (IoT) appliances with a new data wiper called AcidPour.

Data wipers are arguably among the most destructive forms of malware. Their goal is to simply destroy, or wipe, all of the data found on the compromised endpoint. 

They are used to disrupt companies and government organizations, or as a diversion, as hackers mount more important attacks elsewhere on the targeted infrastructure.

More targets

Security researchers from SentinelLabs, who analyzed the malware, believe it to be a variant of AcidRain, a data wiper first spotted two years ago. 

AcidRain was used by Russian hackers at the start of the invasion on Ukraine, when they targeted devices belonging to satellite communications provider Viasat. The goal was to hinder the communication infrastructure of the Ukrainian military. 

In May 2022, the Council of the European Union issued a press release in which, together with its international partners, “strongly condemned” the attack on the satellite KA-SAT network, operated by Viasat. The attack resulted in plenty of collateral damage, with thousands of civilian Viasat customers in Ukraine, as well as “tens of thousands” of customers across Europe all experiencing internet disruptions.

AcidPour’s code overlaps with that of AcidRain roughly 30%. Enough to be considered a distant relative of AcidRain, but not enough to precisely determine its origin. That being said, the researchers believe AcidPour is either a major upgrade, or a completely new piece of malware written by an entirely different threat actor. 

The key difference between AcidRain and AcidPour is that the latter seems to be targeting a wider array of devices. However, at this time, the researchers are not sure who the targets were, if they were any in the first place. 

"This is a threat to watch. My concern is elevated because this variant is a more powerful AcidRain variant, covering more hardware and operating system types," BleepingComputer cited Rob Joyce, the NSA's Director of Cybersecurity. 

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.